--On Sunday, July 30, 2023 1:24 AM +0200 Julien ÉLIE
<julien@xxxxxxxxxxxxxxx> wrote:
Hi Quanah,
Looking at the changes, #773 (digestmd5: Drop the mechanism) is marked
for the 2.1.29 release but it seems that it is only in the master branch.
Correct. We're working on figuring out if the impact would be too large or
not. Generally the point of getting 2.1.29 out is to support OpenSSL3,
since all other OpenSSL releases will be historic soon. But OpenSSL3 does
not support des/rc4 or 3des, which are the only two options with the
current DIGEST-MD5 mechanism implmeneted in cyrus-sasl.
So the options are:
a) Remove DIGEST-MD5 support entirely (No one should be using it at this
point anyhow)
or
b) Implement AES in the DIGEST-MD5 mechanism. This would mean it's not
backwards compatible with older cyrus-sasl releases DIGEST-MD5 mechanisms,
so it's questionable if it's worth doing this effort.
Either way, cyurs-sasl 2.1.29 can't work with prior cyrus-sasl releases in
regards to DIGEST-MD5.
And yes, the preference is for people who need this type of SASL mechanism
is to use the newer SCRAM varieties.
--Quanah
------------------------------------------
Cyrus: SASL
Permalink: https://cyrus.topicbox.com/groups/sasl/T204776f7816270a8-M2e6b1072e24cfb8b6277e976
Delivery options: https://cyrus.topicbox.com/groups/sasl/subscription
