Neustradamus :xmpp: :linux:#Openfire 5.1.0 has been released ( #XMPP / #XMPPServer / #Jabber / #Java / #IgniteRealtime / #Wildfire / #JiveMessenger / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA1PLUS / #ChannelBinding / #TLSChannelBinding ) https://igniterealtime.org/
#XMPP #Java: Important news: #IgniteRealtime #Openfire 5.1.0 will support #ChannelBinding (#TLSExporter / #TLSServerEndPoint / #TLSUnique): #SCRAMSHA1PLUS in more #SCRAMSHA1. Maybe #SCRAMSHA256 and #SCRAMSHA256PLUS too. Initial security request here from 2019: https://web.archive.org/web/20201020085731/https://discourse.igniterealtime.org/t/scram-sha-1-and-scram-sha-1-plus-scram-sha-256-plus-supports/84006
SCRAM-SHA-1 and SCRAM-SHA-1-PLUS + SCRAM-SHA-256(-PLUS) supports
I think that there was a bug in Ignite Realtime Discourse, publication has been removed ^^ Users and devs request informations about SCRAM in more SCRAM-SHA-1, the missing SCRAM-SHA-1-PLUS point from RFC6120 (March 2011) and SCRAM-SHA-256(-PLUS): SCRAM-SHA-1-PLUS (RFC5802 + RFC6120) SCRAM-SHA-256(-PLUS) (RFC7677 + draft-ietf-mile-xmpp-grid) Why not SCRAM-SHA-512(-PLUS). Source: Salted Challenge Response Authentication Mechanism (SCRAM): SASL and GSS-API Mechanisms: https://tools.ietf.org/...
#Conversations 2.17.9 has been released (#Jabber / #XMPP / #Android / #OMEMO / #ChannelBinding / #TLSChannelBinding / #ChannelBindingforTLS) https://conversations.im/
#Conversations 2.17.8 has been released (#Jabber / #XMPP / #Android / #OMEMO / #ChannelBinding / #TLSChannelBinding / #ChannelBindingforTLS) https://conversations.im/
#Conversations 2.17.5 has been released (#Jabber / #XMPP / #Android / #OMEMO / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA1PLUS / #SCRAMSHA256 / #SCRAMSHA256PLUS / #SCRAMSHA512 / #SCRAMSHA512PLUS / #ChannelBinding / #TLSChannelBinding / #ChannelBindingforTLS) https://conversations.im/
#Conversations 2.17.2 has been released (#Jabber / #XMPP / #Android / #OMEMO / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA1PLUS / #SCRAMSHA256 / #SCRAMSHA256PLUS / #SCRAMSHA512 / #SCRAMSHA512PLUS / #ChannelBinding / #TLSChannelBinding / #ChannelBindingforTLS) https://conversations.im/
#Conversations 2.17.0 has been released (#Jabber / #XMPP / #Android / #OMEMO / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA1PLUS / #SCRAMSHA256 / #SCRAMSHA256PLUS / #SCRAMSHA512 / #SCRAMSHA512PLUS / #ChannelBinding / #TLSChannelBinding / #ChannelBindingforTLS) https://conversations.im/
#Cheogram 2.15.3-1 has been released (#Sopranica / #Conversations / #Jabber / #XMPP / #Android / #OMEMO / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA1PLUS / #SCRAMSHA256 / #SCRAMSHA256PLUS / #SCRAMSHA512 / #SCRAMSHA512PLUS / #ChannelBinding / #TLSChannelBinding / #ChannelBindingforTLS) https://cheogram.com/
#Conversations 2.16.2 has been released (#Jabber / #XMPP / #Android / #OMEMO / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA1PLUS / #SCRAMSHA256 / #SCRAMSHA256PLUS / #SCRAMSHA512 / #SCRAMSHA512PLUS / #ChannelBinding / #TLSChannelBinding / #ChannelBindingforTLS) https://conversations.im/
Daniel GultschI'm going to be at the Berlin XMPP Meetup on Wednesday, December 13th to talk about the attack on Jabber.ru and possible counter measures.
#XMPP #MITM #channelbinding
#XMPP #MITM #channelbinding