From: Bruno Renié <brutasse@users.noreply.github.com>
Date: Fri, 13 Mar 2026 11:26:57 +0000 (+0100)
Subject: docs: Drop mention of aes-256-cbc
X-Git-Tag: v12.3.0-rc1~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=82612a29ced090d76e02a0bb944276d8579b9f0a;p=thirdparty%2Flibvirt.git

docs: Drop mention of aes-256-cbc

This is most likely referring to past qemu-img behavior. Defaults are
not encoded in libvirt. `qemu-img` behavior is runtime-dependent, with a
current preference towards 'aes-256-xts'.

Signed-off-by: Bruno Renié <brutasse@gmail.com>
---

diff --git a/docs/formatstorageencryption.rst b/docs/formatstorageencryption.rst
index 066d285090..f5883da1a3 100644
--- a/docs/formatstorageencryption.rst
+++ b/docs/formatstorageencryption.rst
@@ -64,10 +64,8 @@ expected (except for the case of RBD layered encryption mentioned above).
 For volume creation, it is possible to specify the encryption algorithm used to
 encrypt the luks volume. The following two optional elements may be provided for
 that purpose. It is hypervisor dependent as to which algorithms are supported.
-The default algorithm used by the storage driver backend when using qemu-img to
-create the volume is 'aes-256-cbc' using 'essiv' for initialization vector
-generation and 'sha256' hash algorithm for both the cipher and the
-initialization vector generation.
+If no cipher elements are provided, the storage driver backend will use
+qemu-img's default encryption settings.
 
 ``cipher``
    This element describes the cipher algorithm to be used to either encrypt or