2.2.7 Supported Encryption Types Bit Flags
The data in the msDS-SupportedEncryptionTypes attribute ([MS-ADA2] section 2.465), and in fields that specify which encryption types are supported, contains a 32-bit unsigned integer in little-endian format that contains a combination of the following flags, and which specifies what encryption types are supported by the server or service. An encryption type is supported if its value is equal to 1.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
I |
H |
G |
F |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
E |
D |
C |
B |
A |
Where the bits are defined as:
|
Value |
Description |
|---|---|
|
A |
DES-CBC-CRC |
|
B |
DES-CBC-MD5 |
|
C |
RC4-HMAC |
|
D |
AES128-CTS-HMAC-SHA1-96 |
|
E |
AES256-CTS-HMAC-SHA1-96 |
|
F |
FAST-supported<9> |
|
G |
Compound-identity-supported<10> |
|
H |
Claims-supported<11> |
|
I |
Resource-SID-compression-disabled<12> |
All other bits MUST be set to zero when sent and MUST be ignored when they are received.