search

processone / xmpp

Erlang/Elixir XMPP parsing and serialization library on top of Fast XML
http://process-one.net
Apache License 2.0
137 stars 88 forks source link

Implement XEP-0474: SASL SCRAM Downgrade Protection #79

Closed tmolitor-stud-tu closed 11 months ago

tmolitor-stud-tu commented 11 months ago

The exact rationale and multiple examples why this specification fills an important gap in our XMPP security infrastructure is detailed in the XEP.

The XEP is really simple, though, and should be easy to implement in ejabberd.

It is already implemented for prosody at https://modules.prosody.im/mod_sasl_ssdp.html

prefiks commented 11 months ago

Commit 01e41061e6adb8569ed595a2b0701a2b91db83b0 brings support for version 0.3.0 of that protocol.

tmolitor-stud-tu commented 11 months ago

@prefiks Great, thanks!

Neustradamus commented 10 months ago

@badlop: Do not forget this XEP-0474 too ;)