Robbie Gemmell commented on PROTON-950:

Can anyone clue me in on how you would enable the new transport flag 
client-side with the python reactive bits, to allow connecting to a server 
offering PLAIN without using SSL? I had a look but didn't see a way to do so. 
My interest is for new or existing users connecting to servers that e.g only 
support PLAIN (and possibly ANONYMOUS), such as ActiveMQ or some others, who 
are doing so without SSL.

This all also makes me wonder if the default shouldn't be the other way round 
(particularly if there is actually no easy way to use the new transport option 
in some cases). I believe the engine allows ANONYMOUS and no-SASL-layer by 
default currently, so it seems strange that we would deny use of PLAIN in the 
same situtation. The argument for allowing ANONYMOUS was that it eased initial 
pickup by new developers, and that people will secure their production setups; 
it feels to me that essentially the same argument applies for PLAIN without SSL 
and that treating them differently is perhaps a bit inconsistent.

> SASL PLAIN over cleartext should be supported
> ---------------------------------------------
>                 Key: PROTON-950
>                 URL: https://issues.apache.org/jira/browse/PROTON-950
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-c
>    Affects Versions: 0.10
>            Reporter: Ted Ross
>            Assignee: Andrew Stitcher
>            Priority: Blocker
>             Fix For: 0.10
> In the current 0.10 alpha, if SASL PLAIN is selected, it will only work if 
> the connection is encrypted (using SSL).  This is a surprising change of 
> behavior from earlier versions of Proton and it's arguable that a security 
> policy like that should be left to the application using the Proton library.

This message was sent by Atlassian JIRA

Reply via email to