SASL2 support (XEP-0388) #4112
Comments
|
Will include #3972 ? |
|
I added support for that (at least that part that that put that in features as part of tls-export implementation |
|
@mremond: A moment ago, I have done it here :) |
|
Commit efffc31 adds initial support for this. This is not yet fully completed, right now only mod_stream_mgmt recognized inline request, i will also add support for this to mod_carboncopy and mod_client_state. |
|
Hi there, we were going to implement this ourselves in a few months precisely for the fast session resumption, but what you have done looks excellent so thank you @prefiks One issue from our side in the testing: you have required that the connection is SSL terminated to ejabberd which is a reasonable enough assumption. However in our setup we terminate on a proxy layer in front of the ejabberd cluster (with a secure network between). Would it be possible for you to add a config option to force-enable sasl2 even if the connection does not seem encrypted to ejabberd itself? |
|
One issue with that will be that we will not be able to test validity of tls channel binding data, and that would require disabling -PLUS versions of authentication methods, it's something that could be done but it's something that you need to be aware of. But i guess option for that is something that can be added. |
|
Yes I mean obviously if we are not terminating TLS on ejabberd then most of those channel binding options are not available. Although as @iNPUTmice has pointed out to me we could probably do the |
|
@prefiks what's missing so this can be closed? |
|
@licaon-kter: Yes this ticket can be closed not the original yet. |
Add support to SASL 2 (https://xmpp.org/extensions/xep-0388.html).
Relates to #4107
The text was updated successfully, but these errors were encountered: