[jira] [Commented] (KAFKA-18064) SASL mechanisms that do support neither integrity nor confidentality should throw exception on wrap/unwrap

Istvan Toth (Jira) Fri, 22 Nov 2024 01:01:16 -0800


    [ 
https://issues.apache.org/jira/browse/KAFKA-18064?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17900283#comment-17900283
 ]


Istvan Toth commented on KAFKA-18064:
-------------------------------------

This also applies to the other mechanims in the code base.

> SASL mechanisms that do support neither integrity nor confidentality should 
> throw exception on wrap/unwrap
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: KAFKA-18064
>                 URL: https://issues.apache.org/jira/browse/KAFKA-18064
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>            Reporter: Istvan Toth
>            Priority: Major
>
> wrap/unwrap should throw an exception unless a non-auth QOP has been 
> negotiated.
> SCRAM only supports auth QOP, so wrap/unwrap should always throw 
> IllegalStateException.
> [https://docs.oracle.com/en/java/javase/23/docs/api/java.security.sasl/javax/security/sasl/SaslClient.html#unwrap(byte%5B%5D,int,int)]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (KAFKA-18064) SASL mechanisms that do support neither integrity nor confidentality should throw exception on wrap/unwrap

Reply via email to