[jboss-remoting-issues] [JBoss JIRA] Updated: (JBREM-941) SRP SASL integrity/confidentiality protection is failing
David Lloyd (JIRA)
jira-events at lists.jboss.org
Tue Mar 25 21:16:40 EDT 2008
[ http://jira.jboss.com/jira/browse/JBREM-941?page=all ]
David Lloyd updated JBREM-941:
------------------------------
Complexity: Medium
There might be a problem where if one side of the connection calculates a different max keysize than the other (due to export policy restrictions for example), then the two sides might negotiate different keys - better read over the spec again to be sure.
http://tools.ietf.org/html/draft-burdis-cat-srp-sasl-08
If this is true, we might have to do a separate max keysize negotiation before we start the SRP stuff. Yuck.
> SRP SASL integrity/confidentiality protection is failing
> --------------------------------------------------------
>
> Key: JBREM-941
> URL: http://jira.jboss.com/jira/browse/JBREM-941
> Project: JBoss Remoting
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Reporter: David Lloyd
> Fix For: 3.0.0-M3
>
>
> See JrppConnection.java (getSaslProperties) - enable the commented-out line and watch SRP blow up.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-remoting-issues
mailing list