It seems like if you specify a list of supported server/client signing/encryption algorithms in `{server,client} smb3 {signing,encryption} algorithms`, the server picks the left-most algorithm that is supported by the client. I haven't tested all combinations (server, client, signing, encryption) but only `server smb3 encryption algorithms`, so, I might be wrong for the other cases. Still, I see two issues with this approach: 1) The default algorithms lists (the ones listed in the manpages) seem to be sorted in ascending order of security. Thus, by default the server would pick the least secure algorithm. 2) The server should generally prefer the most secure algorithm in a list instead of relying on order, unless explicitely specified by the user. At the very least, the order of preference should be explicitely stated in the manpages to avoid confusion. I apologize in advance if I misunderstood the order of preference. Best, Jonathan
We aim to behave like Windows and there the server picks the first supported algorithm the client proposed. So the order only really matters in the client options. On the client proposes the algorithms based on the performance impact from the fastest to the slowest.