digest-md5 mechanism doesn't work

[edwintorok]

I get 'not authorized' when trying to connect to openfire, and out.txt in jackline says it tried to use DIGEST-MD5.

For now I worked this around by disabling DIGEST-MD5 completely (the connection is secured using STARTTLS, so PLAIN is fine for me):

-      if List.mem "DIGEST-MD5" m then
-        sasl_digest session_data password nextstep
-      else if List.mem "PLAIN" m then
+      if List.mem "PLAIN" m then

Please provide a way to configure what SASL mechanisms to use, and let me know if I can provide any info on debugging why DIGEST-MD5 doesn't work.

[hannesm]

could you paste the SASL-parts from the log? for me, digest-md5 works...

[Neustradamus]

Please note that DIGEST-MD5 is not secure, it must be SCRAM-SHA-X(-PLUS)...

[ermine]

On Mon, Sep 28, 2020 at 09:27:21PM -0700, Neustradamus wrote:

Please note that DIGEST-MD5 is not secure, it must be SCRAM-SHA-X(-PLUS)... Yeah, the library is very old! I do not use OCaml anymore.> -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/ermine/xmpp/issues/4#issuecomment-700418573

[edwintorok]

Well I wasn't trying to use digest-md5, I was trying to avoid using it (the server was offering it and the client was choosing that over plain, and failed to work). The problematic openfire installation doesn't exist anymore so unfortunately I can't provide logs to debug why digest-md5 doesn't work.