Hi, On 12/19/2014 08:36 PM, Mathieu Pasquet wrote: > Do we have any statistics (e.g. on jabber.org) about what proportion of > clients do not support any other mechanisms than PLAIN and DIGEST-MD5? > (though yes, PLAIN works well with hashed passwords, but should still be > avoided whenever possible) > > That would be enlightening.
ejabberd supports an option "disable_sasl_mechanisms" in 14.12. We used it to disable digest-md5 to mimics a switch to SCRAM-SHA1 before we made the actual switch. We have received a single report of a user not being able to connect, but he didn't reply after us asking what client he used. We have seen no observable drop in service usage. greetings, Mati (jabber.at) -- twitter: @mathiasertl | xing: Mathias Ertl | email: m...@er.tl I only read plain-text mail! I prefer signed/encrypted mail!
smime.p7s
Description: S/MIME Cryptographic Signature