[jira] [Updated] (ZOOKEEPER-4889) Fallback to DIGEST-MD5 auth mech should be disabled in Fips mode

Kezhu Wang (Jira) Mon, 07 Jul 2025 07:25:06 -0700


     [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-4889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Kezhu Wang updated ZOOKEEPER-4889:
----------------------------------
    Affects Version/s:     (was: 3.10)

> Fallback to DIGEST-MD5 auth mech should be disabled in Fips mode
> ----------------------------------------------------------------
>
>                 Key: ZOOKEEPER-4889
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4889
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: java client, security, server
>    Affects Versions: 3.8.4, 3.9.3
>            Reporter: Andor Molnar
>            Assignee: Andor Molnar
>            Priority: Major
>              Labels: FIPS, SASL, pull-request-available
>             Fix For: 3.10.0, 3.8.5, 3.9.4
>
>          Time Spent: 2h
>  Remaining Estimate: 0h
>
> FIPS doesn't allow using MD5 algorithm, so it should be disabled at all 
> times. When we create SASL client there's a fallback code path: if Kerberos 
> doesn't work for some reason, we try to use DIGEST-MD5 mech instead. We 
> already have a fips-mode property, so let's disable this code patch if the 
> property is enabled.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (ZOOKEEPER-4889) Fallback to DIGEST-MD5 auth mech should be disabled in Fips mode

Reply via email to