-
-
Notifications
You must be signed in to change notification settings - Fork 9.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) + SCRAM-SHA-512(-PLUS) + SCRAM-SHA3-512(-PLUS) supports #2940
Comments
PHPMailer doesn't support IMAP at all, so this is all irrelevant. |
@Synchro: It must be added for SMTP like old and unsecure mechanisms. You can see old and unsecure mechanisms here:
Other projects have already SCRAM. SCRAM-SHA-*-(PLUS) replaces old unsecure SCRAM-MD5, DIGEST-MD5 and CRAM-MD5. Thanks in advance. |
You're really missing the point here. A lack of support for newer protocols has no bearing on whether we should drop older ones because it's not a client library's call to make. There's no "must" about it. It's all academic anyway – there is almost no security difference between any of them if you're using them over TLS. |
Dear @PHPMailer team,
It is time to support secure mechanisms, and it is needed in RFC9051: Internet Message Access Protocol (IMAP) - Version 4rev2.
Can you add supports of :
You can add too:
"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]".
SCRAM-SHA-1(-PLUS):
-- https://tools.ietf.org/html/rfc5802
-- https://tools.ietf.org/html/rfc6120
SCRAM-SHA-256(-PLUS):
-- https://tools.ietf.org/html/rfc7677 since 2015-11-02
-- https://tools.ietf.org/html/rfc8600 since 2019-06-21: https://mailarchive.ietf.org/arch/msg/ietf-announce/suJMmeMhuAOmGn_PJYgX5Vm8lNA
SCRAM-SHA-512(-PLUS):
-- https://tools.ietf.org/html/draft-melnikov-scram-sha-512
SCRAM-SHA3-512(-PLUS):
-- https://tools.ietf.org/html/draft-melnikov-scram-sha3-512
https://xmpp.org/extensions/inbox/hash-recommendations.html
-PLUS variants:
IMAP:
LDAP:
HTTP:
2FA:
IANA:
Linked to:
The text was updated successfully, but these errors were encountered: