[MS-SMB2] 3.3.5.4 Receiving an SMB2 NEGOTIATE Request - SMB2_SIGNING_CAPABILITIES negotiate context

Lilia 60 Reputation points
2024-04-04T14:31:31.8833333+00:00

https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/b39f253e-4963-40df-8dff-2f9040ebbeb1

According to spec:

"If the Connection.Dialect is "3.1.1", then the server MUST process the NegotiateContextList..."

"If Connection.Dialect is "3.1.1", then the server MUST build a NegotiateContextList for its negotiate response as follows:

If the server processed the SMB2_SIGNING_CAPABILITIES negotiate request context, then the server MUST build an SMB2_SIGNING_CAPABILITIES negotiate response context by setting the following:

SigningAlgorithms MUST be set to Connection.SigningAlgorithmId.

SigningAlgorithmCount MUST be set to 1."

Since for SMB311 processing this context is a MUST, then responding with the context is also a MUST.

But in reality Windows hosts do not respond with the SMB2_SIGNING_CAPABILITIES context in Negotiate response.

Windows Open Specifications
Windows Open Specifications
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.Open Specifications: Technical documents for protocols, computer languages, standards support, and data portability. The goal with Open Specifications is to help developers open new opportunities to interoperate with Windows, SQL, Office, and SharePoint.
42 questions
{count} votes

Accepted answer
  1. Obaid Farooqi MSFT 591 Reputation points Microsoft Employee
    2024-04-29T23:09:38.16+00:00

    Update:

    This issue is now resolved.

    In MS-SMB2, in the following behavior notes, it has been stated that Windows server’s versions older than v20H2 do not process SMB2_SIGNING_CAPABILITIES:

     

    “<17> Section 2.2.3.1: Windows 10 operating system and prior and Windows Server v20H2 operating

    system and prior do not send or process SMB2_SIGNING_CAPABILITIES.”

     

    “<125> Section 3.2.4.2.2.2: Windows 10 operating system and prior and Windows Server v20H2

    operating system and prior do not send or process SMB2_SIGNING_CAPABILITIES negotiate context.”

     

    The behavior notes above explain what the poster is observing in WS2016.

     

    I have filed a bug against MS-SMB2 to remove the MUST’s in section “Processing the SMB2_SIGNING_CAPABILITIES negotiate context”.

    Regards,

    Obaid Farooqi - MSFT

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.