Re: [wildfly-dev] Removing curl support from management HTTP
So the big problem is that http digest has not been updated to use stronger crypto hash.
There is a proposed RFC but no one has implemented it.
We could implement it and contribute that to curl as well but I suspect we still need
standard digest compatibility until most OS's have caught up with that version of
curl.
Alternatively we could move to SSL by default, and switch to plain with scrypt and solve
the various challenges there.
On Jan 8, 2014, at 11:02 AM, Darran Lofthouse
<darran.lofthouse(a)jboss.com> wrote:
> On 08/01/14 15:39, Thomas Segismont wrote:
> Le 08/01/2014 15:36, Darran Lofthouse a écrit :
>> Not necessarily, new features are being discussed regarding
>> authentication at this point I am just trying to confirm if my
>> perception that users are using tools like curl is actually true ;-)
>
> Sorry this is maybe a stupid question but what do you mean by "curl
> support"? Is there anything special done when the HTTP client is curl?
As it stands today as we are only using the standard HTTP authentication
mechanisms there is nothing special other than maybe a --digest argument
to make a call using curl.
>
> Thomas
>
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
_______________________________________________
wildfly-dev mailing list
wildfly-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/wildfly-dev