What steps will reproduce the problem?
1. Connect to boese-ban.de server using SCRAM-SHA-1
What is the expected output? What do you see instead?
I'm not sure if the problem is on the client or server side, but I do not understand what went wrong. I expected to proceed with TLS, but got malformed-request, see log.
Here is the XMPP log
https://gist.github.com/grigoryfedorov/9bb8370794f5bf8a24410a0cc563fb9d
What version of the product are you using? On what operating system?
I use Smack 4.2.0 on android 7.1.2
I tried to connect to several Prosody servers. Current one is boese-ban.de running Prosody 0.10 nightly build 358 (2017-03-07, 30309fd01d76) according to xmpp.net
Please provide any additional information below.
I have successfully authorized using same Smack 4.2.0 and SCRAM-SHA-1 on Ejabberd.
I also successfully authorized to this server using other XMPP clients.
The server is offering SCRAM-SHA-1-PLUS, i.e. channel binding.
The client is sending a SASL message in the form of "y,,n=username,r=nonce".
The "y" means "I support channel binding but I don't think you do".
Per https://tools.ietf.org/html/rfc5802#section-6
> If the flag is set to "y" and the server supports channel
> binding, the server MUST fail authentication. This is because
> if the client sets the channel binding flag to "y", then the
> client must have believed that the server did not support
> channel binding -- if the server did in fact support channel
> binding, then this is an indication that there has been a
> downgrade attack (e.g., an attacker changed the server's
> mechanism list to exclude the -PLUS suffixed SCRAM mechanism
> name(s)).
So, Prosody is doing the right thing here and it's either a Smack bug or you are subject to an attack.
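The negotiation the reply describes, as an added example (not Smack or Prosody code): the client-side rule for choosing the gs2-cbind-flag and the server-side check from RFC 5802 section 6, run against the message shape quoted above ("y,,n=username,r=nonce") and a constructed mechanism list containing both SCRAM-SHA-1 and SCRAM-SHA-1-PLUS, which is what the thread says the server advertises. The username and nonce values are made up, SASLprep and "=2C"/"=3D" escaping of the username are omitted, and "tls-unique" is assumed as the only channel-binding type the server supports.

```python
"""RFC 5802 section 6 channel-binding negotiation, both sides.

Added example, not code from Smack or Prosody. Shows why a client-first-message
beginning with "y," is rejected by a server that advertised a -PLUS mechanism.
"""
import re
import secrets

# Constructed to match the thread: the server offers the non-PLUS and PLUS variants.
OFFERED = ["SCRAM-SHA-1", "SCRAM-SHA-1-PLUS"]


class SaslFailure(Exception):
    """Raised where a SCRAM server would abort with a SASL failure."""


# gs2-header = gs2-cbind-flag "," [ authzid ] ","   (RFC 5802 section 7)
_GS2_HEADER = re.compile(r"^(n|y|p=[A-Za-z0-9.\-]+),(a=[^,]*)?,")


def client_choose_cb_flag(client_supports_cb, offered_mechs,
                          base_mech="SCRAM-SHA-1", cb_type="tls-unique"):
    """Client side: pick (mechanism, gs2-cbind-flag) per RFC 5802 section 6."""
    plus = base_mech + "-PLUS"
    if not client_supports_cb:
        return base_mech, "n"                    # no channel binding support: MUST send "n"
    if plus in offered_mechs:
        return plus, "p=" + cb_type              # server advertises -PLUS: MUST send "p=" and use it
    return base_mech, "y"                        # client supports CB, server did not advertise it


def build_client_first(cb_flag, username, nonce, authzid=None):
    """client-first-message = gs2-header client-first-message-bare (escaping omitted)."""
    header = cb_flag + "," + ("a=" + authzid if authzid else "") + ","
    return header + "n=" + username + ",r=" + nonce


def parse_gs2_header(client_first):
    """Return (gs2-cbind-flag, offset of client-first-message-bare) or raise."""
    m = _GS2_HEADER.match(client_first)
    if not m:
        raise SaslFailure("malformed-request: bad gs2-header")
    return m.group(1), m.end()


def server_check_client_first(client_first, offered_mechs,
                              supported_cb_types=("tls-unique",)):
    """Server side of RFC 5802 section 6.

    Returns the channel-binding type the server must verify later in the
    client-final "c=" attribute, or None when no channel binding is in use.
    """
    flag, _ = parse_gs2_header(client_first)
    server_supports_cb = any(m.endswith("-PLUS") for m in offered_mechs)
    if flag == "y":
        if server_supports_cb:
            # Client believed we offer no -PLUS mechanism, but we do: a stripped
            # mechanism list (downgrade) or a client bug. RFC says MUST fail.
            raise SaslFailure("downgrade suspected: 'y' flag but server advertised -PLUS")
        return None
    if flag.startswith("p="):
        cb_type = flag[2:]
        if cb_type not in supported_cb_types:
            raise SaslFailure("unsupported channel binding type: " + cb_type)
        return cb_type
    return None  # "n": client does not support, or does not want, channel binding


def run_exchange(cb_flag, offered=OFFERED, username="alice", nonce=None):
    """One client-first round trip; returns 'proceed' or 'failure: <reason>'."""
    nonce = nonce or secrets.token_urlsafe(18)   # printable, contains no comma
    msg = build_client_first(cb_flag, username, nonce)
    try:
        server_check_client_first(msg, offered)
    except SaslFailure as exc:
        return "failure: " + str(exc)
    return "proceed"


if __name__ == "__main__":
    # The thread's case: non-PLUS mechanism selected, but "y" sent to a -PLUS server.
    print("y  ->", run_exchange("y"))
    print("n  ->", run_exchange("n"))
    print("p= ->", run_exchange("p=tls-unique"))
    print("correct client choice:", client_choose_cb_flag(True, OFFERED))
```

Run as-is to see the three outcomes. The fix on the client side is the `client_choose_cb_flag` rule: a client that supports channel binding may only send "y" when the server's mechanism list contained no -PLUS variant; when it did, the client must select the -PLUS mechanism and send "p=<type>". Sending "y" alongside a non-PLUS selection on a server that offers -PLUS is exactly the condition the server is required to treat as a downgrade signal.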
Cross reference to the related Smack thread: https://community.igniterealtime.org/thread/60166