Andor Molnar created ZOOKEEPER-4889:
---------------------------------------
Summary: In SASL auth DIGEST-MD5 fallback should be disabled in
Fips mode
Key: ZOOKEEPER-4889
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4889
Project: ZooKeeper
Issue Type: Bug
Components: java client, security, server
Affects Versions: 3.9.3, 3.8.4, 3.10
Reporter: Andor Molnar
Assignee: Andor Molnar
FIPS doesn't allow using MD5 algorithm, so it should be disabled at all times.
When we create SASL client there's a fallback code path: if Kerberos doesn't
work for some reason, we try to use DIGEST-MD5 mech instead. We already have a
fips-mode property, so let's disable this code patch if the property is enabled.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
