-
Enhancement
-
Resolution: Done
-
Major
-
None
-
None
In ASYM_ENCRYPT, encrypt_entire_message encrypts not only the payload, but also metadata such as destination and sender's address, headers and flags.
The rationale was to prevent replay attacks. However, this is not an issue, as replayed messages will simply get dropped by the retransmission layer (e.g. NAKACK2 or UNICAST3).
If people still want this feature, they can write a protocol above ASYM_ENCRYPT, which serializes the entire message into the payload of a new message, and this would be exactly the same as setting encrypt_entire_message to true.
- is related to
-
JBEAP-19681 JBoss EAP 7.2 Configuration Guide References Deprecated Property
- Closed