[
https://issues.apache.org/jira/browse/PROTON-2502?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531266#comment-17531266
]
Justin Ross commented on PROTON-2502:
-------------------------------------
Proposed resolution to one aspect of this: Take the SASL encryption code path
out of Proton. Users should use TLS for encryption.
> Stop using deprecated (and insecure) SASL mechanisms based on MD5
> -----------------------------------------------------------------
>
> Key: PROTON-2502
> URL: https://issues.apache.org/jira/browse/PROTON-2502
> Project: Qpid Proton
> Issue Type: Improvement
> Components: build
> Reporter: Andrew Stitcher
> Assignee: Andrew Stitcher
> Priority: Minor
>
> MD5 has been considered broken and hence insecure for about a decade now. We
> should stop requiring it to test proton so that we can build on machines
> configured without insecure SASL mechanisms.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
