s3:smbd: Prefer AES-GCM over AES-CCM with GnuTLS
authorAndreas Schneider <asn@samba.org>
Fri, 15 Mar 2019 15:28:12 +0000 (16:28 +0100)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 27 Aug 2019 04:44:41 +0000 (04:44 +0000)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Adapted to remove Samba AES support

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
source3/smbd/smb2_negprot.c

index 528d3f8cc7482b19c6728761fc4e3c08e0ab1433..6e7201b1cd8270501435495bc10e969ae9a0d70d 100644 (file)
@@ -492,14 +492,10 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
                        }
                }
 
-               /*
-                * For now we preferr CCM because our implementation
-                * is faster than GCM, see bug #11451.
-                */
-               if (aes_128_ccm_supported) {
-                       xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
-               } else if (aes_128_gcm_supported) {
+               if (aes_128_gcm_supported) {
                        xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_GCM;
+               } else if (aes_128_ccm_supported) {
+                       xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
                }
 
                SSVAL(buf, 0, 1); /* ChiperCount */
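Review bot: The new GCM-first ordering carries no comment, whereas the block it replaces explained its choice (CCM was faster in the in-tree implementation, bug #11451), so a reader can no longer tell that the order is deliberate. I would add a short comment above `if (aes_128_gcm_supported)`, for example `/* Prefer GCM over CCM now that the AES code is backed by GnuTLS; CCM stays as fallback. */`, with the wording confirmed against the actual reason, which the commit message only implies. Separately, the if/else-if chain has no final else, and the context line `SSVAL(buf, 0, 1);` writes a cipher count of 1 whichever branch ran. Whether a client offering neither cipher is rejected or left without encryption cannot be checked from here, because the function body starts and ends outside the hunk; a comment stating the intended outcome for that case would help.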