[jboss-jira] [JBoss JIRA] (ELY-1283) Channel binding SASL mechanisms should be preferred by Elytron clients
David Lloyd (JIRA)
issues at jboss.org
Thu Jul 13 11:21:00 EDT 2017
[ https://issues.jboss.org/browse/ELY-1283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13435456#comment-13435456 ]
David Lloyd commented on ELY-1283:
----------------------------------
The right approach for this might be for the SASL server and client factories to _only_ offer PLUS mechanisms when binding data is available, and _only_ offer non-PLUS when it is not.
> Channel binding SASL mechanisms should be preferred by Elytron clients
> ----------------------------------------------------------------------
>
> Key: ELY-1283
> URL: https://issues.jboss.org/browse/ELY-1283
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Josef Cacek
> Assignee: Farah Juma
> Priority: Critical
>
> The *\*-PLUS* SASL mechanisms (i.e. variants with channel binding) should be preferred by Elytron over the non-plus ones.
> The channel binding [RFC-5056|https://tools.ietf.org/html/rfc5056#section-2.1] in section 2.1 states:
> {noformat}
> * If the authentication protocol used by the application supports
> channel binding, the application SHOULD use it.
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
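The filtering rule proposed in the comment above, written as a wrapper around the standard `javax.security.sasl.SaslClientFactory` interface. This is an added example, not Elytron code: the class name `BindingAwareSaslClientFactory`, the `bindingAvailable` flag and the stub delegate with its mechanism list are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslClientFactory;
import javax.security.sasl.SaslException;

/** Hypothetical wrapper (not an Elytron class): exposes only -PLUS mechanisms when
 *  channel binding data is available, and only non-PLUS mechanisms when it is not. */
public final class BindingAwareSaslClientFactory implements SaslClientFactory {
    private final SaslClientFactory delegate;
    private final boolean bindingAvailable; // assumption: caller knows whether binding data can be obtained

    public BindingAwareSaslClientFactory(SaslClientFactory delegate, boolean bindingAvailable) {
        this.delegate = delegate;
        this.bindingAvailable = bindingAvailable;
    }

    /** A mechanism is permitted only if its -PLUS suffix matches binding availability. */
    private boolean allowed(String mechanism) {
        return mechanism.endsWith("-PLUS") == bindingAvailable;
    }

    private String[] filter(String[] mechanisms) {
        return Arrays.stream(mechanisms).filter(this::allowed).toArray(String[]::new);
    }

    @Override
    public String[] getMechanismNames(Map<String, ?> props) {
        return filter(delegate.getMechanismNames(props));
    }

    @Override
    public SaslClient createSaslClient(String[] mechanisms, String authorizationId, String protocol,
            String serverName, Map<String, ?> props, CallbackHandler cbh) throws SaslException {
        String[] permitted = filter(mechanisms);
        // Nothing permitted: return null (no suitable mechanism) instead of crossing the PLUS boundary.
        return permitted.length == 0 ? null
                : delegate.createSaslClient(permitted, authorizationId, protocol, serverName, props, cbh);
    }

    public static void main(String[] args) {
        // Constructed stub delegate: advertises a fixed mechanism list and never creates a client.
        SaslClientFactory stub = new SaslClientFactory() {
            public String[] getMechanismNames(Map<String, ?> p) { return new String[] {"SCRAM-SHA-256-PLUS", "SCRAM-SHA-256", "PLAIN"}; }
            public SaslClient createSaslClient(String[] m, String a, String pr, String s, Map<String, ?> p, CallbackHandler c) { return null; }
        };
        System.out.println(Arrays.toString(new BindingAwareSaslClientFactory(stub, true).getMechanismNames(null)));
        System.out.println(Arrays.toString(new BindingAwareSaslClientFactory(stub, false).getMechanismNames(null)));
    }
}
```

Because the same filter is applied in `createSaslClient`, a mechanism list supplied by the peer cannot select a non-PLUS mechanism on a connection where binding data is available.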