[
https://issues.apache.org/jira/browse/PROTON-950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14654247#comment-14654247
]
Robbie Gemmell commented on PROTON-950:
---------------------------------------
For me it was a case of sensitivity to mechanism order in certain [not entirely
understood] situations, where ANONYMOUS was still being picked because it was
offered before PLAIN. If other mechanisms were offered later in the list (e.g
DIGEST-MD5) they were chosen instead of ANONYMOUS as would be expected.
Ensuring PLAIN was offered before ANONYMOUS allowed it to be chosen if the
toggle was enabled.
> SASL PLAIN over cleartext should be supported
> ---------------------------------------------
>
> Key: PROTON-950
> URL: https://issues.apache.org/jira/browse/PROTON-950
> Project: Qpid Proton
> Issue Type: Bug
> Components: proton-c
> Affects Versions: 0.10
> Reporter: Ted Ross
> Assignee: Andrew Stitcher
> Priority: Blocker
> Fix For: 0.10, 0.11
>
>
> In the current 0.10 alpha, if SASL PLAIN is selected, it will only work if
> the connection is encrypted (using SSL). This is a surprising change of
> behavior from earlier versions of Proton and it's arguable that a security
> policy like that should be left to the application using the Proton library.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
