[sasl] order mechanisms to prefer the most secure

The previous logic was: - use the preferred SASL mechanism if available - otherwise use the first supported mechanism offered by the server However RFC 6120, section 6.3.3 states: "The initiating entity MUST maintain its own preference order independent of the preference order of the receiving entity." The new logic is: - order our supported mechanisms from most secure to least secure - if the user sets QXmppConfiguration::saslMechanism, put it first - use the best mechanism supported by the server
author: Jeremy Lainé <jeremy.laine@m4x.org> 2019-01-17 23:25:37 +0100
committer: Jeremy Lainé <jeremy.laine@m4x.org> 2019-01-18 14:02:50 +0100
commit: 2a34abcd74d8d8369d81d9e4131d34185d9154a5 (patch)
tree: 1e4eaba43ff49bc34a317601b978bc2296eee2be /src/base/QXmppSasl.cpp
parent: bce9ca477709ae0876e7b7682034f49cdd010f27 (diff)
download: qxmpp-2a34abcd74d8d8369d81d9e4131d34185d9154a5.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/src/base/QXmppSasl.cpp b/src/base/QXmppSasl.cpp
index b47886f7..6d57ee09 100644
--- a/src/base/QXmppSasl.cpp
+++ b/src/base/QXmppSasl.cpp
@@ -272,8 +272,8 @@ QXmppSaslClient::~QXmppSaslClient()
 
 QStringList QXmppSaslClient::availableMechanisms()
 {
-    return QStringList() << "PLAIN" << "DIGEST-MD5" << "ANONYMOUS"
-                         << "SCRAM-SHA-1" << "SCRAM-SHA-256"
+    return QStringList() << "SCRAM-SHA-256" << "SCRAM-SHA-1" << "DIGEST-MD5"
+                         << "PLAIN" << "ANONYMOUS"
                          << "X-FACEBOOK-PLATFORM" << "X-MESSENGER-OAUTH2" << "X-OAUTH2";
 }
author	Jeremy Lainé <jeremy.laine@m4x.org>	2019-01-17 23:25:37 +0100
committer	Jeremy Lainé <jeremy.laine@m4x.org>	2019-01-18 14:02:50 +0100
commit	2a34abcd74d8d8369d81d9e4131d34185d9154a5 (patch)
tree	1e4eaba43ff49bc34a317601b978bc2296eee2be /src/base/QXmppSasl.cpp
parent	bce9ca477709ae0876e7b7682034f49cdd010f27 (diff)
download	qxmpp-2a34abcd74d8d8369d81d9e4131d34185d9154a5.tar.gz