Enable SASL-SCRAM by default (#687)

Activities

wojciech.kapcia@tigase.net opened 8 years ago

Due Date
2016-06-30

It should be enabled and available by default

wojciech.kapcia@tigase.net commented 8 years ago

Applied in changeset commit:tigase-server|6bf9d57e.

wojciech.kapcia@tigase.net commented 8 years ago

Enabled:

<?xml version='1.0'?>
<stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' from='atlantiscity'
               id='69643a8f-28f5-47c8-b1ea-dd5d32043187' version='1.0' xml:lang='en'>
    <stream:features>
        <auth xmlns="http://jabber.org/features/iq-auth"/>
        <register xmlns="http://jabber.org/features/iq-register"/>
        <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
            <mechanism>SCRAM-SHA-1</mechanism>
            <mechanism>PLAIN</mechanism>
            <mechanism>ANONYMOUS</mechanism>
        </mechanisms>
        <ver xmlns="urn:xmpp:features:rosterver"/>
        <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
        <compression xmlns="http://jabber.org/features/compress">
            <method>zlib</method>
        </compression>
    </stream:features>

I think we could think about disabling by default http://jabber.org/features/iq-auth while we are modifying list of defaults to make it better. ( %bmalkow - comment ? )

Artur Hefczyc commented 8 years ago

Why would you disable iq-auth? I mean the non-plain method, DIGEST-MD5 as far as I remember it is called, it does not send plain text password.

wojciech.kapcia@tigase.net commented 8 years ago

I've though that I had read somewhere that it was discouraged to support it by default but I can't find the source thus we can ignore this comment.

Type	New Feature
Priority	Normal
Assignee	Artur Hefczyc
RedmineID	4283
Version	tigase-server-7.1.0
Spent time	5h

Issue Votes (0)

Watchers (0)

Reference

tigase/_server/server-core#687