| author | dequis <dx@dxzone.com.ar> | 2015-07-30 00:20:30 -0300 | 
|---|---|---|
| committer | dequis <dx@dxzone.com.ar> | 2015-07-30 00:20:30 -0300 | 
| commit | 91dd19caf16790c3b77818f8efd6cabaca209ecf (patch) | |
| tree | aa7cff61ad891ed62461056bfd35fbfdcf0f257f /protocols | |
| parent | adec7492dd1ed55e12dfb959414a9a2c3605deed (diff) | |
Only try DIGEST-MD5 if there's no SSL/TLS or if PLAIN isn't supported
Which in practice means "don't bother with DIGEST-MD5 most of the time".
It's weak, pointless over TLS, and often breaks with some servers
(hi openfire)
Diffstat (limited to 'protocols')
| -rw-r--r-- | protocols/jabber/sasl.c | 6 | 
1 files changed, 5 insertions, 1 deletions
| diff --git a/protocols/jabber/sasl.c b/protocols/jabber/sasl.c index beb53fdd..86f428c9 100644 --- a/protocols/jabber/sasl.c +++ b/protocols/jabber/sasl.c @@ -153,7 +153,11 @@ xt_status sasl_pkt_mechanisms(struct xt_node *node, gpointer data)  		imc_logout(ic, FALSE);  		xt_free_node(reply);  		return XT_ABORT; -	} else if (sup_digest) { +	} else if (sup_digest && !(jd->ssl && sup_plain)) { +		/* Only try DIGEST-MD5 if there's no SSL/TLS or if PLAIN isn't supported. +		 * Which in practice means "don't bother with DIGEST-MD5 most of the time". +		 * It's weak, pointless over TLS, and often breaks with some servers (hi openfire) */ +  		xt_add_attr(reply, "mechanism", "DIGEST-MD5");  		/* The rest will be done later, when we receive a <challenge/>. */ | 
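Review bot: The new test `sup_digest && !(jd->ssl && sup_plain)` only does what the comment says if `jd->ssl` is true for every encrypted session, and the hunk does not show whether that flag is also set after a STARTTLS upgrade or only for direct SSL connections. If it is only set for direct SSL, STARTTLS sessions will keep negotiating DIGEST-MD5. Please confirm that, and also that the branch following this one (outside the visible context) is the one that selects PLAIN when this test fails, so that skipping DIGEST-MD5 never leaves `reply` without a mechanism. Separately, the block comment repeats the commit message word for word; a shorter comment stating the rule (prefer PLAIN when the channel is encrypted) would be easier to maintain than the server-specific aside, and the blank `+` line after it can go.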
