3.2.4.1.8 Encrypting the Message

If the client does not implement the SMB 3.x dialect family, or the request being sent is SMB2 NEGOTIATE, or the request being sent is SMB2 SESSION_SETUP with the SMB2_SESSION_FLAG_BINDING bit set in the Flags field, or Session.IsGuest is TRUE, the client MUST NOT encrypt the message.

If Connection.Dialect belongs to the SMB 3.x dialect family, IsEncryptionSupported is TRUE, and any of the Booleans Session.EncryptData, TreeConnect.EncryptData, or Share.EncryptData is TRUE,

• If Session.IsAnonymous is TRUE, the client SHOULD NOT<114> encrypt the message.

• Otherwise, the client MUST encrypt the message as specified in section 3.1.4.3 before sending.