Add support for SCRAM-SHA-1-PLUS, SCRAM-SHA-256(-PLUS) and more in Jitsi products (Desktop/Meet/etc.)

“When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802]”.

There is only SCRAM-SHA-1, there is not SCRAM-SHA-1-PLUS:

  • RFC5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms:
  • RFC6120: Extensible Messaging and Presence Protocol (XMPP): Core:

There is not SCRAM-SHA-256(-PLUS):

I add SCRAM-SHA-512(-PLUS):

-PLUS variants:

  • RFC5056: On the Use of Channel Bindings to Secure Channels:
  • RFC5929: Channel Bindings for TLS:
  • Channel-Binding Types:

LDAP:

  • RFC5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted: Challenge Response Authentication Mechanism (SCRAM) Secrets:

HTTP:

  • RFC7804: Salted Challenge Response HTTP Authentication Mechanism:

IANA:

  • Simple Authentication and Security Layer (SASL) Mechanisms:

Already supported servers:

  • Isode M-Link: SCRAM-SHA-1(-PLUS), SCRAM-SHA-224(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-384(-PLUS), SCRAM-SHA-512(-PLUS)
  • Jackal XMPP Server: SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-512(-PLUS)
  • Metronome IM: SCRAM-SHA-1(-PLUS), SCRAM-SHA-224(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-384(-PLUS), SCRAM-SHA-512(-PLUS)
  • Prosody IM 0.12.x-dev: SCRAM-SHA-256(-PLUS)
  • Tigase XMPP Server 8.0.0: SCRAM-SHA-1(-PLUS) and SCRAM-SHA-256(-PLUS)
  • Tigase XMPP Server 8.0.x-dev: SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-512(-PLUS)
  • Tigase XMPP Server 8.1.x-dev: SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-512(-PLUS)

Linked to: