Aymeric,
Good to hear from you!

There’s been some discussion in the IETF which we haven’t resolved on how to handle this. I think you need to setup
different domains or realms each with one auth algorithm. If you offer two at the same time - what’s the point?
You are still wide open for downgrade attacks and haven’t accomplished much. 

I guess we will have to wait until the IETF resolves this issue, which propably applies to more protocols.
The big question is how to upgrade a user base to stronger authentication algorithms in HTTP Digest auth
without allowing downgrade attacks.

Cheers,
/O

On 16 Jun 2020, at 20:42, Henning Westerholt <hw@skalatan.de> wrote:

Hello,
 
take a look to this parameter, you can switch between MD5 and SHA256, but only use once at a time:
 
 
About planned features – I am not aware of major extensions in this module. Of course, any contribution is welcome.
 
Cheers,
 
Henning
 
-- 
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com
 
From: sr-users <sr-users-bounces@lists.kamailio.org> On Behalf Of Aymeric Moizard
Sent: Monday, June 15, 2020 10:31 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: [SR-Users] MD5 and SHA-256 instead of MD5 or SHA-256...
 
Hi All,
 
I'd like to improve my setup by switching to SHA-256. 
However, as a first step, I would like to offer both MD5 and SHA-256
in 2 different WWW-Authenticate header.
 
If I'm correct, this is not doable with the latest auth module?
Is this a planned feature?
 
As an alternative, I would like to decide the algorithm in the script
instead of a module parameter. It looks to me this is also not doable?
Again, is this a planned feature?
 
Thanks to all,
 
Regards
Aymeric
 
-- 
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users