[
https://issues.apache.org/jira/browse/HBASE-29080?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Istvan Toth resolved HBASE-29080.
---------------------------------
Fix Version/s: 2.5.12
Resolution: Fixed
It has now been committed to all active branches.
Thanks for the reviews and comments [[email protected]] [~zhangduo] [~andor] .
> Validate Negotiated SASL QoP Against Requested
> ----------------------------------------------
>
> Key: HBASE-29080
> URL: https://issues.apache.org/jira/browse/HBASE-29080
> Project: HBase
> Issue Type: Bug
> Components: rpc, sasl
> Reporter: Istvan Toth
> Assignee: Istvan Toth
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.0.0, 2.7.0, 2.6.3, 2.5.12
>
>
> We currently do not verify that the negotiatied SASL QOP satisfies the
> requested QOP.
> Mechanisms that do support QOP are expected to abort negotation if they
> cannot satisfy the requirements, but mechanisms which do not support QOP will
> ignore the requested QOP property and successfully negotiate even if non-auth
> QOP was requested.
> Explicitly checking the negotiated QOP makes sure that no downgrade happens
> in the communication QOP.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
