Why are CIFS sessions not signed when encryption and smb signing are both enabled on the SVM?

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 113

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: cifs

Last Updated:

Applies to

ONTAP 9
CIFS
SMB Signing
SMB Encryption

Answer

If a CIFS session is marked for both Signing and Encryption then SMB Encryption supersedes SMB signing.
Therefore in such a case where either share-level or server-level encryption is enabled, "is-session-signed" in Cifs Session should not return true

Example:

Cluster01::> cifs security show -vserver SVM1 -fields is-signing-required,is-smb-encryption-required vserver is-signing-required is-smb-encryption-required ----------- ------------------- -------------------------- SVM1 true true

Cluster01::> cifs session show -vserver SVM1 -fields is-session-signed,smb-encryption-status node vserver session-id connection-id is-session-signed smb-encryption-status ------------ ---------- ------------------- ------------- ----------------- --------------------- Cluster01-02 SVM1 5783747821497729909 952531972 false encrypted Cluster01-02 SVM1 5783747821497731202 952532894 false encrypted Cluster01-02 SVM1 5783747821497731343 952532985 false encrypted 3 entries were displayed.

Additional Information

Fo more information see, Microsoft documentation SMB security Enhancements.