Qpid Dispatch / DISPATCH-347

Negative SASL outcome when "requireEncryption" isn't satisfied


Details

    • Wish
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 0.6.0
    • Backlog
    • None
    • None

    Description

      If we configure the router with requireEncryption set to true but the client connects using a SASL mechanism which doesn't support encryption (i.e. ANONYMOUS, PLAIN, ...) the SASL exchange goes well with a successful outcome but the router closes the TCP connection brutally after that.
      The client doesn't have any reason why it happens.

      The SASL RFC (https://tools.ietf.org/html/rfc4422) in the "Authentication Outcome" says that "The outcome is not successful if ..." ... "the negotiated security layer (or lack thereof) is not suitable ...".
      I think that the above scenario is a "lack" of requested security so the SASL outcome to the client shouldn't be positive but negative.
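
The difference between the reported and the requested behaviour, as an added example that is not part of the original issue and is not Qpid Dispatch or Proton code. The `negotiation` and `result` types, the function names and the sample negotiations are hypothetical, and the use of sasl-code 1 (auth) for the negative outcome is an assumption, since the report only asks that the outcome not be positive.

```c
#include <stdbool.h>
#include <stdio.h>

/* sasl-code values of the AMQP 1.0 sasl-outcome frame. */
enum sasl_code { SASL_OK = 0, SASL_AUTH = 1, SASL_SYS = 2, SASL_SYS_PERM = 3, SASL_SYS_TEMP = 4 };

/* Hypothetical summary of a finished negotiation (not a Proton or Dispatch type). */
struct negotiation {
    const char *mechanism;
    bool credentials_ok;   /* the mechanism itself accepted the client */
    bool layer_encrypts;   /* negotiated security layer gives confidentiality */
};

struct result {
    enum sasl_code outcome;  /* code sent to the client in sasl-outcome */
    bool dropped_after;      /* connection closed after the outcome with no reason */
};

/* Behaviour described in the report: policy is enforced only after a positive outcome. */
struct result outcome_reported(bool require_encryption, const struct negotiation *n)
{
    struct result r = { n->credentials_ok ? SASL_OK : SASL_AUTH, false };
    if (r.outcome == SASL_OK && require_encryption && !n->layer_encrypts)
        r.dropped_after = true;
    return r;
}

/* Behaviour requested: an unsuitable (or missing) layer makes the outcome itself negative.
 * Using code 1 (auth) here is an assumption; the report only asks for a non-ok outcome. */
struct result outcome_requested(bool require_encryption, const struct negotiation *n)
{
    struct result r = { SASL_AUTH, false };
    if (n->credentials_ok && (!require_encryption || n->layer_encrypts))
        r.outcome = SASL_OK;
    return r;
}

int main(void)
{
    /* Constructed sample negotiations. */
    const struct negotiation samples[] = {
        { "ANONYMOUS", true, false }, { "PLAIN", true, false }, { "GSSAPI", true, true },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct result a = outcome_reported(true, &samples[i]);
        struct result b = outcome_requested(true, &samples[i]);
        printf("%-9s reported: code=%d dropped=%d | requested: code=%d dropped=%d\n",
               samples[i].mechanism, a.outcome, a.dropped_after, b.outcome, b.dropped_after);
    }
    return 0;
}
```

With the requested behaviour a client can tell a policy rejection from a network fault, because the failure arrives in the SASL exchange rather than as an unexplained TCP close.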

            People

              Assignee: Unassigned
              Reporter: Paolo Patierno (ppatierno)