From 98dae1d992aa1b048230f9d4934aefe8128b2f6c Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Sun, 21 Sep 2025 23:34:37 +0200
Subject: [PATCH] socks_gssapi: remove the forced "no protection"

If a protected connection is requested, don't claim to drop down to "no protection".

Reported in Joshua's sarif data

Closes #18712
---
 lib/socks_gssapi.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/socks_gssapi.c b/lib/socks_gssapi.c
index b6530d5d7d..0aa6f7245f 100644
--- a/lib/socks_gssapi.c
+++ b/lib/socks_gssapi.c
@@ -359,8 +359,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
 infof(data, "SOCKS5 server supports GSS-API %s data protection.",
 (gss_enc == 0) ? "no" :
 ((gss_enc == 1) ? "integrity" : "confidentiality"));
- /* force for the moment to no data protection */
- gss_enc = 0;
+
 /*
 * Sending the encryption type in clear seems wrong. It should be
 * protected with gss_seal()/gss_wrap(). See RFC1961 extract below
--
2.47.3
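Review bot: With the override removed, `gss_enc` keeps whatever level was derived before this hunk, and the retained comment directly below still says that level is sent in the clear rather than under gss_wrap(). While the value was pinned to 0, tampering with that exchange could not lower anything; with a non-zero level in play, an unprotected exchange is presumably open to downgrade by anyone on the path to the proxy. The code after the hunk is not visible here, so it is worth confirming that the server's reply is compared with the requested level and that a mismatch fails the handshake instead of continuing. It is also not visible whether traffic after negotiation is actually wrapped for levels 1 and 2; if it is not, the infof() above and the later handshake would advertise protection that is never applied. The blank line that replaces the two removed lines could carry a comment such as `/* gss_enc keeps the negotiated level; a lower level in the reply must fail the handshake */`.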