Robbie Gemmell commented on PROTON-950:

For me it was a case of sensitivity to mechanism order in certain [not entirely 
understood] situations, where ANONYMOUS was still being picked because it was 
offered before PLAIN. If other mechanisms were offered later in the list (e.g 
DIGEST-MD5) they were chosen instead of ANONYMOUS as would be expected. 
Ensuring PLAIN was offered before ANONYMOUS allowed it to be chosen if the 
toggle was enabled.

> SASL PLAIN over cleartext should be supported
> ---------------------------------------------
>                 Key: PROTON-950
>                 URL: https://issues.apache.org/jira/browse/PROTON-950
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-c
>    Affects Versions: 0.10
>            Reporter: Ted Ross
>            Assignee: Andrew Stitcher
>            Priority: Blocker
>             Fix For: 0.10, 0.11
> In the current 0.10 alpha, if SASL PLAIN is selected, it will only work if 
> the connection is encrypted (using SSL).  This is a surprising change of 
> behavior from earlier versions of Proton and it's arguable that a security 
> policy like that should be left to the application using the Proton library.

This message was sent by Atlassian JIRA

Reply via email to