From 2a34abcd74d8d8369d81d9e4131d34185d9154a5 Mon Sep 17 00:00:00 2001
From: Jeremy Lainé
Date: Thu, 17 Jan 2019 23:25:37 +0100
Subject: [sasl] order mechanisms to prefer the most secure

The previous logic was:

- use the preferred SASL mechanism if available
- otherwise use the first supported mechanism offered by the server

However RFC 6120, section 6.3.3 states:

"The initiating entity MUST maintain its own preference order independent of the preference order of the receiving entity."

The new logic is:

- order our supported mechanisms from most secure to least secure
- if the user sets QXmppConfiguration::saslMechanism, put it first
- use the best mechanism supported by the server
---
 src/client/QXmppConfiguration.cpp | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'src/client/QXmppConfiguration.cpp')

diff --git a/src/client/QXmppConfiguration.cpp b/src/client/QXmppConfiguration.cpp
index 817e8ee6..9b56b7c5 100644
--- a/src/client/QXmppConfiguration.cpp
+++ b/src/client/QXmppConfiguration.cpp
@@ -90,7 +90,6 @@ QXmppConfigurationPrivate::QXmppConfigurationPrivate()
 , ignoreSslErrors(false)
 , streamSecurityMode(QXmppConfiguration::TLSEnabled)
 , nonSASLAuthMechanism(QXmppConfiguration::NonSASLDigest)
- , saslAuthMechanism("DIGEST-MD5")
 {
 }
 
@@ -501,8 +500,6 @@ void QXmppConfiguration::setNonSASLAuthMechanism(
 }
 
 /// Returns the preferred SASL authentication mechanism.
-///
-/// Default value: "DIGEST-MD5"
 
 QString QXmppConfiguration::saslAuthMechanism() const
 {
@@ -511,7 +508,8 @@ QString QXmppConfiguration::saslAuthMechanism() const
 
 /// Sets the preferred SASL authentication \a mechanism.
 ///
-/// Valid values: "PLAIN", "DIGEST-MD5", "ANONYMOUS", "X-FACEBOOK-PLATFORM"
+/// Valid values: "SCRAM-SHA-256", "SCRAM-SHA-1", "DIGEST-MD5", "PLAIN", "ANONYMOUS",
+// "X-FACEBOOK-PLATFORM", "X-MESSENGER-OAUTH2", "X-OAUTH2"
 
 void QXmppConfiguration::setSaslAuthMechanism(const QString &mechanism)
 {
-- 
cgit v1.2.3
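Review bot: The continuation line of the valid-values list in the doc comment for setSaslAuthMechanism starts with `//` instead of `///`, so Doxygen will most likely end the comment block there and omit the last three mechanisms from the generated documentation; it should read `/// "X-FACEBOOK-PLATFORM", "X-MESSENGER-OAUTH2", "X-OAUTH2"`. The comment also lists "PLAIN" and "DIGEST-MD5" as valid values without saying that, per the commit message, a value set here is put ahead of the library's own most-secure-first ordering, so a caller who sets one of them can end up with a weaker mechanism than the server would otherwise allow. I would add a sentence such as `/// The given mechanism is tried first, ahead of the built-in ordering; leave it unset to prefer the most secure mechanism the server offers.` The function body lies outside the hunk, so the ordering behaviour is taken from the commit message and should be confirmed against the SASL negotiation code.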