Closed nashkevichv closed 3 months ago
ecki
commented
3 months ago This seems to be the default for windows client as well (sign if one side requires it) but there is also a “always” registry option. The builder should allow that as well (alwaysSign(true)) which would be the current behavior for 2.0+?
hierynomus
commented
3 months ago Indeed, I was already working on a different solution that would add a second boolean signingEnabled..
signingRequired == verify that the remote (server) has signed the data and will terminate the connection otherwise.
!signingRequired && signingEnabled == We will always sign, but not force the remote to sign what we receive
!signingEnabled == We will not sign, but will verify a signature of the remote party if there is any.
The specification suggests you should always try to sign if possible, also depending on the dialect (for SMB3 you cannot disable it).
So I'll close this one, as the implementation is too simplistic and not in line with the MS-SMB2 specification
Do not sign data packets (SMB2WriteRequest) if sining is not required (SmbConfig.signingRequired = false).