From 53e8ec1e8d818f7316459beb9cb2cbf45abd1284 Mon Sep 17 00:00:00 2001
From: Daniel Gultsch
Date: Tue, 24 Feb 2026 08:43:55 +0100
Subject: [PATCH] Always indicate support for channel binding in SASL header

This commit breaks logging in on servers that announce a -PLUS variant for SCRAM but do not support XEP-0440. On servers that do not support XEP-0440, we previously decided to use no channel binding because picking "none" was better than picking an unsupported one and failing the login. However, this behaviour also required us to indicate that we did not support channel binding; otherwise, the server, seeing an unknown binding mechanism, would fail our login. This was a decision made for the broadest possible compatibility with the pre-0440 ecosystem. Note that the y flag wasn't the only security layer. Conversations also uses pinning (if you logged in once with -PLUS, it won't fall back) and XEP-0474 (basically a fancy version of the y flag). In addition there is a setting in Conversations to always require Channel Binding. This will also automatically be turned on for conversations.im and quicksy.im. It has now been two years since XEP-0440 was released for ejabberd and Prosody, and our compatibility concerns have shifted: if you want to have -PLUS on your server, please update the server to support XEP-0440.
---
 .../eu/siacs/conversations/crypto/sasl/ScramMechanism.java | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java
index db6f717033d6549b02a21bd1c24e99acea4dc487..9fc6dff754f605cff3cc2d16b80cad724f47c603 100644
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java
@@ -56,10 +56,7 @@ public abstract class ScramMechanism extends SaslMechanism {
 super(account);
 this.channelBinding = channelBinding;
 if (channelBinding == ChannelBinding.NONE) {
- // TODO this needs to be changed to "y,," for the scram internal down grade protection
- // but we might risk compatibility issues if the server supports a binding that we don’t
- // support
- this.gs2Header = "n,,";
+ this.gs2Header = "y,,";
 } else {
 this.gs2Header = String.format(