[
https://issues.apache.org/jira/browse/HBASE-29080?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17935284#comment-17935284
]
Istvan Toth commented on HBASE-29080:
-------------------------------------
Committed to branch-2 and branch-2.6 .
The patch does not apply to cleanly to branch-2.5.
> Validate Negotiated SASL QoP Against Requested
> ----------------------------------------------
>
> Key: HBASE-29080
> URL: https://issues.apache.org/jira/browse/HBASE-29080
> Project: HBase
> Issue Type: Bug
> Components: rpc, sasl
> Reporter: Istvan Toth
> Assignee: Istvan Toth
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.0.0, 2.7.0, 2.6.3
>
>
> We currently do not verify that the negotiatied SASL QOP satisfies the
> requested QOP.
> Mechanisms that do support QOP are expected to abort negotation if they
> cannot satisfy the requirements, but mechanisms which do not support QOP will
> ignore the requested QOP property and successfully negotiate even if non-auth
> QOP was requested.
> Explicitly checking the negotiated QOP makes sure that no downgrade happens
> in the communication QOP.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
