Projects tigase _server server-core Issues #1508
SCRAM *-PLUS mechanisms unavailable after StartTLS (#1508)
Andrzej Wójcik (Tigase) opened 2 years ago

We have enabled SCRAM *-PLUS mechanisms that will allow us to support Channel Binding. They work fine are available when DirectTLS connection is used, but they are unavailable when StartTLS connection is being used.

  • Andrzej Wójcik (Tigase) commented 2 years ago

    This issue was reported by @bmalkow while working on channel bindings for Halcyon.

  • Andrzej Wójcik (Tigase) added "Related" tigase-private/halcyon#84 2 years ago
  • Andrzej Wójcik (Tigase) added "Related" tigase-private/halcyon#82 2 years ago
  • Andrzej Wójcik (Tigase) commented 2 years ago

    The issue was caused by during adding support for TLS 1.3, what caused refactoring and changing places when method notifying SessionManager about connection encryption was called. I've added call for this method in places that should handle this for StartTLS and verified that with this change Tigase XMPP Server offers *-PLUS mechanisms for StartTLS and DirectTLS connections.

  • Andrzej Wójcik (Tigase) commented 2 years ago

    @bmalkow Please verify if this works as it should for you.

  • Bartosz Małkowski commented 2 years ago

    I checked 8.4.0-SNAPSHOT-b12407. tls-server-end-point is provided by server and it works as expected.

  • Bartosz Małkowski changed state to 'Closed' 2 years ago
    Previous Value Current Value
    Open
    Closed
  • Bartosz Małkowski added "Related" #1509 2 years ago
  • Wojciech Kapcia (Tigase) batch edited 11 months ago
    Name Previous Value Current Value
    Iterations
    empty
    tigase-server-8.4.0
  • Wojciech Kapcia (Tigase) batch edited 11 months ago
    Name Previous Value Current Value
    Version
    8.4.0
    tigase-server-8.4.0
issue 1 of 1
Type
Bug
Priority
Normal
Assignee
Version
tigase-server-8.4.0
Server Version
8.4.0
Target Release
1.0
Sprints
n/a
Customer
n/a
Iterations
Issue Votes (0)
Watchers (4)
Reference
tigase/_server/server-core#1508
Please wait...
Page is in error, reload to recover