If the Java broker is configured to use the Base64MD5Password password database the Java client is unable to connect even if they use the sasl_mechs broker option in the connection URL (sasl_mechs='CRAM-MD5-HASHED').
Instead the user sees:
The user can work around the problem by passing the -Dqpid.amqp.version system property to the client, and selecting a protocol < 0-10.
The problem is happening because on the 0-10 code path on the client, the SASL CallbackHandler in use is hardcoded to UsernamePasswordCallbackhandler (ClientDelegate), rather than using the facilities of CallbackHandlerRegistry (as does the 0-8 and 0-9* code paths). CRAM-MD5-HASHED requires the use of a different Callbackhandler.
This also inhibits the use of custom SASL methods by the client.