[
https://issues.apache.org/jira/browse/HBASE-29080?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Istvan Toth updated HBASE-29080:
--------------------------------
Summary: Validate Negotiated SASL QoP Against Requested (was: Validate
negotiated SASL QoP against requested)
> Validate Negotiated SASL QoP Against Requested
> ----------------------------------------------
>
> Key: HBASE-29080
> URL: https://issues.apache.org/jira/browse/HBASE-29080
> Project: HBase
> Issue Type: Bug
> Components: rpc, sasl
> Reporter: Istvan Toth
> Assignee: Istvan Toth
> Priority: Major
>
> We currently do not verify that the negotiatied SASL QOP satisfies the
> requested QOP.
> Mechanisms that do support QOP are expected to abort negotation if they
> cannot satisfy the requirements, but mechanisms which do not support QOP will
> ignore the requested QOP property and successfully negotiate even if non-auth
> QOP was requested.
> Explicitly checking the negotiated QOP makes sure that no downgrade happens
> in the communication QOP.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
