-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SASL2 support (XEP-0388) #4112
Comments
Will include #3972 ? |
I added support for that (at least that part that that put that in features as part of tls-export implementation |
@mremond: A moment ago, I have done it here :) |
Commit efffc31 adds initial support for this. This is not yet fully completed, right now only mod_stream_mgmt recognized inline request, i will also add support for this to mod_carboncopy and mod_client_state. |
Hi there, we were going to implement this ourselves in a few months precisely for the fast session resumption, but what you have done looks excellent so thank you @prefiks One issue from our side in the testing: you have required that the connection is SSL terminated to ejabberd which is a reasonable enough assumption. However in our setup we terminate on a proxy layer in front of the ejabberd cluster (with a secure network between). Would it be possible for you to add a config option to force-enable sasl2 even if the connection does not seem encrypted to ejabberd itself? |
One issue with that will be that we will not be able to test validity of tls channel binding data, and that would require disabling -PLUS versions of authentication methods, it's something that could be done but it's something that you need to be aware of. But i guess option for that is something that can be added. |
Yes I mean obviously if we are not terminating TLS on ejabberd then most of those channel binding options are not available. Although as @iNPUTmice has pointed out to me we could probably do the |
@prefiks what's missing so this can be closed? |
@licaon-kter: Yes this ticket can be closed not the original yet. |
Add support to SASL 2 (https://xmpp.org/extensions/xep-0388.html).
Relates to #4107
The text was updated successfully, but these errors were encountered: