[
https://issues.apache.org/jira/browse/PROTON-950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14653533#comment-14653533
]
Gordon Sim commented on PROTON-950:
-----------------------------------
I think my preferred option would also be to allow PLAIN regardless of whether
SSL is in use by default, but to clearly log a warning every time PLAIN is used
over an unencrypted transport (along with a brief message as to how to prevent
this). That way people become very aware of the problem and how to avoid it,
but it doesn't cause hard to debug issues when first trying to get an example
running.
> SASL PLAIN over cleartext should be supported
> ---------------------------------------------
>
> Key: PROTON-950
> URL: https://issues.apache.org/jira/browse/PROTON-950
> Project: Qpid Proton
> Issue Type: Bug
> Components: proton-c
> Affects Versions: 0.10
> Reporter: Ted Ross
> Assignee: Andrew Stitcher
> Priority: Blocker
> Fix For: 0.10
>
>
> In the current 0.10 alpha, if SASL PLAIN is selected, it will only work if
> the connection is encrypted (using SSL). This is a surprising change of
> behavior from earlier versions of Proton and it's arguable that a security
> policy like that should be left to the application using the Proton library.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
