[ https://issues.apache.org/jira/browse/QPID-1899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12755429#action_12755429 ]
Gordon Sim commented on QPID-1899: ---------------------------------- Ken, What authentication mechanism did you use? The intended semantics is that it fails to allow connection over tcp to succeed unless a mechanism supporting encryption is selected and a sufficiently high SSF is used on that. What I see is that with authentication enabled, unencrypted mechanisms such as ANONYMOUS or PLAIN are not included in the list of supported mechanisms and if the client attempts to use them it gets an error. The broker also logs an error of the form: 'mech ANONYMOUS is too weak'. Are you seeing something different? --Gordon. > --require-encryption doesn't work unless cyrus sasl authentication is turned > on > ------------------------------------------------------------------------------- > > Key: QPID-1899 > URL: https://issues.apache.org/jira/browse/QPID-1899 > Project: Qpid > Issue Type: Bug > Components: C++ Broker > Affects Versions: 0.5 > Reporter: Gordon Sim > Assignee: Gordon Sim > Fix For: 0.6 > > Attachments: qpid-1899-hacky.patch > > > If you specify --require-encryption and --auth no then the broker will allow > un-encrypted conections. (If on the other hand you have authentication on, it > will prevent you connecting with anything other than a mech that supports > encryption and will require an encrypting sasl security layer - or of course > an ssl connection) -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. --------------------------------------------------------------------- Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:dev-subscr...@qpid.apache.org