Closed Neustradamus closed 5 months ago
Hello @Neustradamus, unfortunately, I have no idea how to do this... may be you can search (or ask people) in the xmpp.js library used by wep-xmpp.
Otherwise I won't be able to implement this feature.
@nioc: xmpp.js development has been stopped several years ago and does not support recent SCRAM versions. Hope that you can look to solve it and to permit to use a better SCRAM for security and to look to add -PLUS variants (TLS Channel Binding).
There is strophejs a better support for example.
SCRAM and JavaScript:
This is a huge project, since the entire application is based on this library... if someone wants to handle it, we'll reopen the ticket...
@nioc: With your reaction, I can inform you that an unsolved ticket which is closed, there will have never a solution.
It is important to keep this ticket opens.
Describe the bug
Dear @nioc,
Can you add supports of :
You can add too:
RFC8600: https://tools.ietf.org/html/rfc8600 (2019-06-21): "When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".
SCRAM-SHA-1(-PLUS): -- https://tools.ietf.org/html/rfc5802 -- https://tools.ietf.org/html/rfc6120
SCRAM-SHA-256(-PLUS): -- https://tools.ietf.org/html/rfc7677 since 2015-11-02 -- https://tools.ietf.org/html/rfc8600 since 2019-06-21: https://mailarchive.ietf.org/arch/msg/ietf-announce/suJMmeMhuAOmGn_PJYgX5Vm8lNA
SCRAM-SHA-512(-PLUS): -- https://tools.ietf.org/html/draft-melnikov-scram-sha-512
SCRAM-SHA3-512(-PLUS): -- https://tools.ietf.org/html/draft-melnikov-scram-sha3-512
SCRAM BIS: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms: -- https://tools.ietf.org/html/draft-melnikov-scram-bis
https://xmpp.org/extensions/inbox/hash-recommendations.html
-PLUS variants:
IMAP:
LDAP:
HTTP:
2FA:
IANA:
Linked to:
Steps to reproduce
*
Expected behavior
*
Relevant log
No response
local.js configuration
No response
XMPP-web version
*
Installation
Docker image
XMPP server(s)
Prosody IM, ejabberd, Tigase XMPP Server, other
Browser(s)
No response
Device(s)
No response
Other information
No response