Drivers / DRIVERS-707

Support shorter SCRAM conversation

    • Type: Epic
    • Resolution: Fixed
    • Priority: Major - P3
    • None
    • Component/s: None
    • Labels: None
      Key            Status/Resolution   FixVersion
      GODRIVER-1390  Fixed               1.4.0
      RUBY-1994      Fixed               2.13.0.beta1
      JAVA-3491      Fixed               4.1.0
      CDRIVER-3418   Fixed               1.17.0-beta, 1.17.0
      CSHARP-2833    Fixed               2.11.0
      CXX-1867       Gone away
      PYTHON-2029    Fixed               3.11
      NODE-2301      Fixed               3.6.0
      MOTOR-448      Works as Designed
      PHPC-1478      Fixed               1.8.0-beta1, 1.8.0
      RUST-366       Fixed               1.2.0
      SWIFT-791      Fixed               1.1.0

      Epic Summary

       

      Summary

      This project will shorten the SCRAM conversation between client and server. The SCRAM handshake involves the following steps:

      1. The client advertises the name of the user it wishes to authenticate as.
      2. The server replies with user-specific mechanism parameters.
      3. The client sends a proof of knowledge derived from the parameters and the password.
      4. The server replies with a proof that it knew the password.
      5. The client sends an empty message.
      6. The server replies with an empty message, along with the {done: true} flag.

      We will remove steps 5 and 6, and the server will advertise {done: true} in step 4.

      Clients can opt into the shorter SCRAM conversation with the following saslStart command:

      {
        saslStart: 1,
        mechanism: 'SCRAM-SHA-256',
        options: { skipEmptyExchange: true },
        payload: '...',
      }
      

      Note that older server versions will ignore the options, so no wire version check is required and the options can be sent to all server versions. Older server versions will simply continue to use the longer SASL conversation, so clients that need to authenticate to pre-4.4 servers have to be able to handle both types of exchange.
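      An added example, not taken from this ticket or from any driver: a Python client loop that always sends skipEmptyExchange, verifies the server's proof from step 4 before honoring done, and falls back to steps 5 and 6 when the server ignored the option. FakeServer, authenticate and scram_keys are hypothetical names; payloads are plain strings rather than binary, conversationId is omitted, and the iteration count of 4096 is a constructed value.

```python
import base64, hashlib, hmac, os

def b64(b): return base64.b64encode(b).decode()
def hm(key, msg): return hmac.new(key, msg, hashlib.sha256).digest()

def scram_keys(password, salt, iters, auth_msg):
    """Return (ClientProof, ServerSignature) for SCRAM-SHA-256."""
    salted = hashlib.pbkdf2_hmac("sha256", password, salt, iters)
    client_key = hm(salted, b"Client Key")
    client_sig = hm(hashlib.sha256(client_key).digest(), auth_msg)
    proof = bytes(a ^ b for a, b in zip(client_key, client_sig))
    return proof, hm(hm(salted, b"Server Key"), auth_msg)

class FakeServer:  # constructed stand-in; honors_option=False models pre-4.4
    def __init__(self, password, honors_option):
        self.pw, self.honors, self.salt = password, honors_option, os.urandom(16)
    def run(self, cmd):
        p = cmd["payload"]
        if "saslStart" in cmd:                                   # steps 1-2
            self.short = self.honors and cmd.get("options", {}).get("skipEmptyExchange", False)
            self.bare = p[3:]                                    # drop GS2 header "n,,"
            self.first = "r=%s%s,s=%s,i=4096" % (p.rsplit("r=", 1)[1], b64(os.urandom(9)), b64(self.salt))
            return {"done": False, "payload": self.first}
        if p == "":                                              # steps 5-6
            return {"done": True, "payload": ""}
        no_proof, proof = p.rsplit(",p=", 1)                     # steps 3-4
        auth_msg = ",".join([self.bare, self.first, no_proof]).encode()
        expected, server_sig = scram_keys(self.pw, self.salt, 4096, auth_msg)
        if not hmac.compare_digest(proof, b64(expected)):
            raise PermissionError("authentication failed")
        return {"done": self.short, "payload": "v=" + b64(server_sig)}

def authenticate(server, user, password):
    """Authenticate; verify the server's proof before honoring done. Returns round trips."""
    cnonce = b64(os.urandom(18))
    bare = "n=%s,r=%s" % (user, cnonce)
    first = server.run({"saslStart": 1, "mechanism": "SCRAM-SHA-256", "payload": "n,," + bare,
                        "options": {"skipEmptyExchange": True}})["payload"]
    f = dict(kv.split("=", 1) for kv in first.split(","))
    if not f["r"].startswith(cnonce):
        raise ValueError("server nonce does not extend client nonce")
    no_proof = "c=biws,r=" + f["r"]
    auth_msg = ",".join([bare, first, no_proof]).encode()
    proof, server_sig = scram_keys(password, base64.b64decode(f["s"]), int(f["i"]), auth_msg)
    r = server.run({"saslContinue": 1, "payload": no_proof + ",p=" + b64(proof)})
    if not hmac.compare_digest(r["payload"], "v=" + b64(server_sig)):
        raise ValueError("server signature mismatch")
    trips = 2
    while not r["done"]:               # older server ignored the option: steps 5-6
        r, trips = server.run({"saslContinue": 1, "payload": ""}), trips + 1
    return trips
```

      Against a server that honors the option the conversation takes two round trips; against one that ignores it, three.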

      Documentation

      Relevant spec change

            Assignee: Unassigned
            Reporter: Backlog - Core Eng Program Management Team (backlog-server-pm)
            Votes: 0
            Watchers: 4
