Requires qop-based authentication
Opened this issue · 0 comments
samizdatco commented
the module currently lacks backward compatibility with clients that don't provide ‘qop’ fields in the Authorize header. according to the RFC the server should work without it, but is it worth supporting the less secure version of an already not-bulletproof authentication scheme?