Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Preferer a higher SecurityMode over SecurityLevel in CoreClientUtils.… #1405

Merged
merged 1 commit into from
May 20, 2021
Merged

Preferer a higher SecurityMode over SecurityLevel in CoreClientUtils.… #1405

merged 1 commit into from
May 20, 2021

Conversation

nschermer
Copy link
Contributor

…SelectEndpoint()

Normally a server should give a higher SecurityLevel when SignAndEncrypt is used, but often this is messed up. The sample client preferes SignAndEncrypt over the SecurityLevel, so it seems to make sense to do the same in this function.

The Siemens server I tested returns the following list:
afbeelding

Where securityLevel is 1, 2, 3, 4 in this list. So when selecting by only the SecurityLevel, the last item is used (Sign - Basic256).

Kepware does this a bit better and gives the highest level score to SignAndEncrypt.

Reference server gives SignAndEncrypt a +100 score.

@nschermer
Preferer a higher SecurityMode over SecurityLevel in CoreClientUtils.…
66e8fff 
…SelectEndpoint()

Normally a server should give a higher SecurityLevel when SignAndEncrypt is used, but often this is messed up. The sample client preferes SignAndEncrypt over the SecurityLevel, so it seems to make sense to do the same in this function.
@CLAassistant
Copy link

CLAassistant commented May 19, 2021
edited

CLA assistant check
All committers have signed the CLA.

AlinMoldovean
AlinMoldovean approved these changes May 20, 2021
View reviewed changes
Copy link
Contributor

@AlinMoldovean AlinMoldovean left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems ok.
Anyway, it is just a workaround for a bad server implementation.
The specs says for EndpointDescription.SecurityLevel - "A higher value indicates better security."

mregen
mregen approved these changes May 20, 2021
View reviewed changes
Copy link
Contributor

@mregen mregen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, makes sense to me..

@AlinMoldovean AlinMoldovean merged commit 6d23272 into OPCFoundation:master May 20, 2021
@nschermer nschermer deleted the main branch May 20, 2021 17:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mregen mregen mregen approved these changes

@AlinMoldovean AlinMoldovean AlinMoldovean approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@nschermer @CLAassistant @mregen @AlinMoldovean