Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-8648

[Broker-J] Allow for max frame size >4096 before Open frame (SASL)

Attach filesAttach ScreenshotAdd voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments


    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • qpid-java-broker-9.0.0
    • qpid-java-broker-9.1.1
    • Broker-J
    • None


      some modern authentication options (XOAUTH2 + JWT) require frames larger then 4096. consider if the max frame size (before an Open frame negotiation) should be larger or should be configurable with some sort of configuration or env variable.


      from a discussion on the mailing list

      The SASL process occurs first, before the Open frame. The Open frames
      are what carries each peers advertised max frame size, mainly aimed at
      later message deliveries. The AMQP 1.0 spec defines before this
      however that the SASL frames can be at-most the 'min max frame size',
      which is fixed at 512 bytes, with no way to negotiate anything larger.

      As you can probably tell, that presents a problem if things in the
      SASL negotiation want to be larger, such as is likely in e.g a newer
      XOAUTH2 mechanism that didnt exist when that decision was originally

      To simply allow some of these newer alternative mechs to work, it was
      decided to just allow things to exceed the 512byte limit since both
      sides would have to already agree on using a given mech to begin with,
      so doing an alternative like creating a custom multi-challenge
      batching sequence to shuffle the bytes wasnt really going to be adding
      much except significant complexity.

      It appears broker-j allows up to 4096, and you have now found
      something to exceed even that. It doesnt look like it allows
      configuring it, but increasing that seems to be the only option that
      would help here.



          This comment will be Viewable by All Users Viewable by All Users


            Unassigned Unassigned
            danlangford Dan Langford




                Issue deployment