xebialabs · Mahalakshmithirumurthy2301 · Apr 1, 2026 · Mar 12, 2026
diff --git a/README.md b/README.md
@@ -1083,6 +1083,10 @@ The SMB 2.x and CIFS protocol implementation of Overthere defines a number of ad
 	<th align="left" valign="top"><a name="smb_smbRequireSigning"></a>smbRequireSigning</th>
 	<td>Whether to require the server to sign the responses. The default value is <code>false</code>.</td>
 </tr>
+<tr>
+	<th align="left" valign="top"><a name="smb_smbEncryptData"></a>smbEncryptData</th>
+	<td>Whether to encrypt the SMB transport data. Set to <code>true</code> or <code>false</code> for SMB 3.x servers. Must be <code>false</code> for SMB 2.x servers, as SMB 2.x does not support encryption and the connection will fail otherwise. The default value is <code>false</code>.</td>
+</tr>
 </table>
 
 <a name="cifs_connection_options"></a>

diff --git a/src/main/java/com/xebialabs/overthere/smb/SmbConnection.java b/src/main/java/com/xebialabs/overthere/smb/SmbConnection.java
@@ -104,12 +104,15 @@ protected SmbConnection(String protocol, ConnectionOptions options, AddressPortM
         if (!realSmbHost.equals(hostname)) {
             transportLayerFactory = new TunnelTransportFactory<>(transportLayerFactory, hostname, smbPort);
         }
+        boolean encryptData = options.getBoolean(SMB_ENCRYPT_DATA, SMB_ENCRYPT_DATA_DEFAULT);
+
         username = options.get(USERNAME);
         password = options.get(PASSWORD);
         SmbConfig config = SmbConfig.builder()
                 .withSigningRequired(requireSigning)
                 .withTransportLayerFactory(transportLayerFactory)
                 .withSecurityProvider(new BCSecurityProvider())
+                .withEncryptData(encryptData)
                 .build();
         client = new SMBClient(config);
     }

diff --git a/src/main/java/com/xebialabs/overthere/smb/SmbConnectionBuilder.java b/src/main/java/com/xebialabs/overthere/smb/SmbConnectionBuilder.java
@@ -56,6 +56,12 @@ public class SmbConnectionBuilder extends BaseCifsConnectionBuilder implements O
      */
     public static final String SMB_REQUIRE_SIGNING = "smbRequireSigning";
 
+    /**
+     * Whether SMB Connections require the server to encrypt the data.
+     */
+    public static final boolean SMB_ENCRYPT_DATA_DEFAULT = false;
+    public static final String SMB_ENCRYPT_DATA = "smbEncryptData";
+
     private final SmbConnection connection;
 
     public SmbConnectionBuilder(String type, ConnectionOptions options, AddressPortMapper mapper) {

diff --git a/src/test/java/com/xebialabs/overthere/smb/winrm/SmbWinRmConnectionTest.java b/src/test/java/com/xebialabs/overthere/smb/winrm/SmbWinRmConnectionTest.java
@@ -74,4 +74,27 @@
         new SmbProcessConnection(SMB_PROTOCOL, options, INSTANCE);
     }
 
+    @Test
+    @SuppressWarnings("resource")
+    public void shouldSupportEncryptDataEnabled() {
+        options.set(USERNAME, "user");
+        options.set(SMB_ENCRYPT_DATA, true);
+        new SmbProcessConnection(SMB_PROTOCOL, options, INSTANCE);
+    }
+
+    @Test
+    @SuppressWarnings("resource")
+    public void shouldSupportEncryptDataDisabled() {
+        options.set(USERNAME, "user");
+        options.set(SMB_ENCRYPT_DATA, false);
+        new SmbProcessConnection(SMB_PROTOCOL, options, INSTANCE);
+    }
+
+    @Test
+    @SuppressWarnings("resource")
+    public void shouldDefaultEncryptDataToFalse() {
+        options.set(USERNAME, "user");
+        new SmbProcessConnection(SMB_PROTOCOL, options, INSTANCE);
+    }
+
 }