module
XMPP::ScramDowngradeProtection
Overview
XEP-0474: SASL SCRAM Downgrade Protection Protects against downgrade attacks where an attacker forces the client to use a weaker authentication mechanism
Defined in:
xmpp/auth/scram_downgrade_protection.crClass Method Summary
-
.check_downgrade(selected_mechanism : AuthMechanism, available_mechanisms : Array(String), tls_available : Bool) : Bool
Check if downgrade protection should be enforced Returns true if a SCRAM-PLUS mechanism is available but a non-PLUS was selected
-
.select_mechanism(preferred_order : Array(AuthMechanism), available_mechanisms : Array(String), tls_available : Bool) : AuthMechanism | Nil
Get the recommended mechanism considering downgrade protection Prefers -PLUS variants when TLS is available
Class Method Detail
def self.check_downgrade(selected_mechanism : AuthMechanism, available_mechanisms : Array(String), tls_available : Bool) : Bool
#
Check if downgrade protection should be enforced Returns true if a SCRAM-PLUS mechanism is available but a non-PLUS was selected
def self.select_mechanism(preferred_order : Array(AuthMechanism), available_mechanisms : Array(String), tls_available : Bool) : AuthMechanism | Nil
#
Get the recommended mechanism considering downgrade protection Prefers -PLUS variants when TLS is available