// Last 4 bytes remain zero-initialized
        } else if (nonce.length == 16) {
            // For GCM cipher, use full 16-byte nonce
            System.arraycopy(nonce, 0, this.nonce, 0, 16);
        } else {
            throw new IllegalArgumentException("Nonce must be 12 bytes (CCM) or 16 bytes (GCM)");
        }
        this.originalMessageSize = originalMessageSize;
        this.flags = flags;

        if (keyLength == 32) {
            // AES-256 support
            transformation = "AES/GCM/NoPadding";
        } else if (keyLength == 16) {
            // AES-128 (existing)
            transformation = "AES/GCM/NoPadding";
        } else {
            throw new IllegalArgumentException("Unsupported key length for GCM: " + keyLength);
        }

        byte[] key = null;
        byte[] keyCopy = null;

**Protocol Selection:**
- Default Range: SMB1 to SMB 3.1.1
- Automatic Negotiation: Client offers all supported dialects, server selects highest common version
- Configurable: Min/max versions can be set via configuration properties

### SMB3 Encryption Support
- **SMB2 Transform Header**: Encrypted message wrapping

@DisplayName("CIFSUnsupportedCryptoException Tests")
class CIFSUnsupportedCryptoExceptionTest extends BaseTest {

    private static final String CRYPTO_ERROR_MESSAGE = "Unsupported cryptographic algorithm: AES-256-GCM";
    private static final String ALGORITHM_NAME = "AES-256-GCM";

    @Test
    @DisplayName("Default constructor should create exception with null message and cause")
    void testDefaultConstructor() {
        // Given & When

    /**
     * AES 128 CCM
     */
    public static final int CIPHER_AES128_CCM = 0x1;

    /**
     * AES 128 GCM
     */
    public static final int CIPHER_AES128_GCM = 0x2;

    /**
     * AES 256 CCM
     */
    public static final int CIPHER_AES256_CCM = 0x3;

    /**
     * AES 256 GCM
     */
    public static final int CIPHER_AES256_GCM = 0x4;

    private int[] ciphers;

    /**

        // Nonces should have proper size
        assertEquals(16, nonce1.length, "GCM nonce should be 16 bytes");
        assertEquals(16, nonce2.length, "GCM nonce should be 16 bytes");
        assertEquals(16, nonce3.length, "GCM nonce should be 16 bytes");

        // For GCM, last 4 bytes should contain incrementing counter

            // SMB 3.1.1 -> default AES-128-GCM when server did not choose
            Smb2NegotiateResponse smb311 = new Smb2NegotiateResponse(cfg);
            setField(smb311, "selectedDialect", DialectVersion.SMB311);
            setField(smb311, "selectedCipher", -1);
            setField(transport, "negotiated", smb311);
            Smb2EncryptionContext gcm = transport.createEncryptionContext(sessionKey, preauth);

/**
 * Secure credential storage with encryption at rest.
 *
 * Provides secure storage of passwords and other sensitive credentials
 * using AES-GCM encryption with PBKDF2 key derivation.
 *
 * Features:
 * - Encrypts credentials at rest using AES-256-GCM
 * - Uses PBKDF2 for key derivation from master password
 * - Secure wiping of sensitive data
 * - Thread-safe operations
 * - Protection against timing attacks
 */

```

`--sftp=cipher-algos=...` specifies the allowed cipher algorithms. 
If unspecified then a sensible default is used.

Valid values: 
```
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
******@****.***
arcfour256
arcfour128
arcfour
aes128-cbc
3des-cbc
```

`--sftp=mac-algos=...` specifies a default set of MAC algorithms in preference order.

	"aes128-ctr", "aes192-ctr", "aes256-ctr",
	"aes128-gcm@openssh.com", gcm256CipherID,
	chacha20Poly1305ID,
	"arcfour256", "arcfour128", "arcfour",
	aes128cbcID,
	tripledescbcID,
}

// preferredCiphers specifies the default preference for ciphers.
// https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.22.0:ssh/common.go;l=37
var preferredCiphers = []string{
	"aes128-gcm@openssh.com", gcm256CipherID,
	chacha20Poly1305ID,