Changeset 91dd19c


Ignore:
Timestamp:
2015-07-30T03:20:30Z (9 years ago)
Author:
dequis <dx@…>
Branches:
master
Children:
e11216c
Parents:
adec749
Message:

Only try DIGEST-MD5 if there's no SSL/TLS or if PLAIN isn't supported

Which in practice means "don't bother with DIGEST-MD5 most of the time".

It's weak, pointless over TLS, and often breaks with some servers
(hi openfire)

File:
1 edited

Legend:

Unmodified
Added
Removed

  • protocols/jabber/sasl.c

    radec749 r91dd19c  
    154154                xt_free_node(reply);
    155155                return XT_ABORT;
    156         } else if (sup_digest) {
     156        } else if (sup_digest && !(jd->ssl && sup_plain)) {
     157                /* Only try DIGEST-MD5 if there's no SSL/TLS or if PLAIN isn't supported.
     158                 * Which in practice means "don't bother with DIGEST-MD5 most of the time".
     159                 * It's weak, pointless over TLS, and often breaks with some servers (hi openfire) */
     160
    157161                xt_add_attr(reply, "mechanism", "DIGEST-MD5");
    158162
Note: See TracChangeset for help on using the changeset viewer.