Istvan Toth created HBASE-29080:
-----------------------------------

             Summary: Validate negotiated SASL QOP against requested
                 Key: HBASE-29080
                 URL: https://issues.apache.org/jira/browse/HBASE-29080
             Project: HBase
          Issue Type: Bug
          Components: rpc, sasl
            Reporter: Istvan Toth
            Assignee: Istvan Toth


We currently do not verify that the negotiatied SASL QOP satisfies the 
requested QOP.

Mechanisms that do support QOP are expected to abort negotation if they cannot 
satisfy the requirements, but mechanisms which do not support QOP will ignore 
the requested QOP property and successfully negotiate even if non-auth QOP was 
requested.

Explicitly checking the negotiated QOP makes sure that no downgrade happens in 
the communication QOP.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to