2.2.7 Supported Encryption Types Bit Flags

The data in the msDS-SupportedEncryptionTypes attribute ([MS-ADA2] section 2.465), and in fields that specify which encryption types are supported, contains a 32-bit unsigned integer in little-endian format that contains a combination of the following flags, and which specifies what encryption types are supported by the server or service. An encryption type is supported if its value is equal to 1.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

0

0

0

0

0

0

0

0

0

0

0

0

I

H

G

F

0

0

0

0

0

0

0

0

0

0

0

E

D

C

B

A

Where the bits are defined as:

Value

Description

A

DES-CBC-CRC

B

DES-CBC-MD5

C

RC4-HMAC

D

AES128-CTS-HMAC-SHA1-96

E

AES256-CTS-HMAC-SHA1-96

F

FAST-supported<8>

G

Compound-identity-supported<9>

H

Claims-supported<10>

I

Resource-SID-compression-disabled<11>

All other bits MUST be set to zero when sent and MUST be ignored when they are received.