Istvan Toth created HBASE-29080: ----------------------------------- Summary: Validate negotiated SASL QOP against requested Key: HBASE-29080 URL: https://issues.apache.org/jira/browse/HBASE-29080 Project: HBase Issue Type: Bug Components: rpc, sasl Reporter: Istvan Toth Assignee: Istvan Toth
We currently do not verify that the negotiatied SASL QOP satisfies the requested QOP. Mechanisms that do support QOP are expected to abort negotation if they cannot satisfy the requirements, but mechanisms which do not support QOP will ignore the requested QOP property and successfully negotiate even if non-auth QOP was requested. Explicitly checking the negotiated QOP makes sure that no downgrade happens in the communication QOP. -- This message was sent by Atlassian Jira (v8.20.10#820010)