[jira] [Updated] (ZOOKEEPER-4889) Fallback to DIGEST-MD5 auth mech should be disabled in Fips mode

Andor Molnar (Jira) Sun, 24 Nov 2024 10:56:11 -0800


     [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-4889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Andor Molnar updated ZOOKEEPER-4889:
------------------------------------
    Summary: Fallback to DIGEST-MD5 auth mech should be disabled in Fips mode  
(was: In SASL auth DIGEST-MD5 fallback should be disabled in Fips mode)

> Fallback to DIGEST-MD5 auth mech should be disabled in Fips mode
> ----------------------------------------------------------------
>
>                 Key: ZOOKEEPER-4889
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4889
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: java client, security, server
>    Affects Versions: 3.8.4, 3.10, 3.9.3
>            Reporter: Andor Molnar
>            Assignee: Andor Molnar
>            Priority: Major
>              Labels: FIPS, SASL
>
> FIPS doesn't allow using MD5 algorithm, so it should be disabled at all 
> times. When we create SASL client there's a fallback code path: if Kerberos 
> doesn't work for some reason, we try to use DIGEST-MD5 mech instead. We 
> already have a fips-mode property, so let's disable this code patch if the 
> property is enabled.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (ZOOKEEPER-4889) Fallback to DIGEST-MD5 auth mech should be disabled in Fips mode

Reply via email to