There has been work upstream to enable encryption support for SMB3 connections. This is particularly useful with the Azure Files feature as encryption is required to connected to an Azure Files storage share from on-prem or from a different region.
The relevant commits are as follows:
CIFS: Fix possible use after free in demultiplex thread
Commit 61cfac6f267dabcf2740a7ec8a0295833b28b5f5
CIFS: Allow to switch on encryption with seal mount option
Commit ae6f8dd4d0c87bfb72da9d9b56342adf53e69c31
CIFS: Add capability to decrypt big read responses
Commit c42a6abe3012832a68a371dabe17c2ced97e62ad
CIFS: Decrypt and process small encrypted packets
Commit 4326ed2f6a16ae9d33e4209b540dc9a371aba840
CIFS: Add copy into pages callback for a read operation
Commit d70b9104b1ca586f73aaf59426756cec3325a40e
There has been work upstream to enable encryption support for SMB3 connections. This is particularly useful with the Azure Files feature as encryption is required to connected to an Azure Files storage share from on-prem or from a different region.
The relevant commits are as follows:
CIFS: Fix possible use after free in demultiplex thread f2740a7ec8a0295 833b28b5f5
Commit 61cfac6f267dabc
CIFS: Allow to switch on encryption with seal mount option b72da9d9b56342a df53e69c31
Commit ae6f8dd4d0c87bf
CIFS: Add capability to decrypt big read responses a68a371dabe17c2 ced97e62ad
Commit c42a6abe3012832
CIFS: Decrypt and process small encrypted packets d33e4209b540dc9 a371aba840
Commit 4326ed2f6a16ae9
CIFS: Add copy into pages callback for a read operation f73aaf59426756c ec3325a40e
Commit d70b9104b1ca586
CIFS: Add mid handle callback 63ea80f6769701d cc4c24b55e
Commit 9b7c18a2d4b7989
CIFS: Add transform header handling callbacks 901fb684e874d77 a1e96b3d1e
Commit 9bb17e0916a03ab
CIFS: Encrypt SMB3 requests before sending 0be060bcb9ecd8d 7a7fd5c398
Commit 026e93dc0a3eefb
CIFS: Enable encryption during session setup phase d26c078a26e5c74 8531257ebb
Commit cabfb3680f78981
CIFS: Add capability to transform requests before sending 5cebd84d059927a fa423fbf85
Commit 7fb8986e7449d0a
CIFS: Separate RFC1001 length processing for SMB2 read 3122bff72d7968a 94baacb9b6
Commit b8f57ee8aad414a
CIFS: Separate SMB2 sync header processing 04e09e8635fa4f3 901cabdaef
Commit cb200bd6264a80c
CIFS: Send RFC1001 length in a separate iov c19d24cfdf90b45 43fc3b47bf
Commit 738f9de5cdb9175
CIFS: Make send_cancel take rqst as argument 42504910fe104f6 8517e8990e
Commit fb2036d817584df
CIFS: Make SendReceive2() takes resp iov b416775f92ae022 f3f82bedd5
Commit da502f7df03d2d0
CIFS: Separate SMB2 header structure 3750d3792ffce6a 6e1bdf0da7
Commit 31473fc4f9653b7
cifs: Add soft dependencies 25af8db0d35e1ef 9030fbe13a
Commit b9be76d585d48cb
cifs: Only select the required crypto modules e3810afd41b84ec b0e1e41db1
Commit 3692304bba6164b
cifs: Simplify SMB2 and SMB311 dependencies 14f8121e00e5787 f363140365
Commit c1ecea87471bbb6