@ejabberd_c2s:process_auth_result/3:304 (tls|<0.684.0>) Failed c2s SCRAM-SHA-1-PLUS authentication from hidden_by_ejabberd #4351

Closed
bestperson-free opened this issue Feb 6, 2025 · 7 comments

bestperson-free commented Feb 6, 2025

Hi, I'm trying to authorize users using sha512, and clients write an unsupported server. The server was raised from scratch by Debian 12.

```yaml
auth_method: internal
auth_password_format: scram
auth_scram_hash: sha512
use_cache: true
cache_life_time: 3600
```

```
2025-02-07 00:57:35.305046+03:00 [warning] <0.684.0>@ejabberd_c2s:process_auth_result/3:304 (tls|<0.684.0>) Failed c2s SCRAM-SHA-1-PLUS authentication from hidden_by_ejabberd: Unsupported mechanism
2025-02-07 00:57:35.324774+03:00 [warning] <0.685.0>@ejabberd_c2s:process_auth_result/3:304 (tls|<0.685.0>) Failed c2s SCRAM-SHA-1-PLUS authentication from hidden_by_ejabberd: Unsupported mechanism
```

With 256 it doesn't connect either

```
2025-02-07 01:10:20.390097+03:00 [warning] <0.685.0>@ejabberd_c2s:process_auth_result/3:304 (tls|<0.685.0>) Failed c2s SCRAM-SHA-1-PLUS authentication from hidden_by_ejabberd: Unsupported mechanism
```

How can I fix or downgrade the version to 256, and then just to sha?

@licaon-kter
Contributor

The users created the account when the setting was at 512? 256? scram?

@bestperson-free
Author

First I installed

```yaml
auth_method: internal
auth_password_format: scram
auth_scram_hash: sha512
use_cache: true
cache_life_time: 3600
```

Then I created accounts, now I changed them to 256, and ran `ejabberdctl change_password username your.domain newpassword`, it didn't help

@licaon-kter
Contributor

But that's the thing, the new hash is created only on password change or account creation. You can't switch them from the server.

@licaon-kter
Contributor

You can upgrade them (only!) when this is fixed: #4301

But the basic idea is: choose one, create accounts, don't change it. Else users need (you) to reset their passwords
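
Why a stored SCRAM credential is tied to one hash, as the two comments above describe: this is an added sketch of the RFC 5802 derivation, not ejabberd's code and not part of the original thread. The password, salt and auth message are constructed sample values, SASLprep normalization is omitted (ASCII password assumed), and the function names are hypothetical.

```python
import hashlib
import hmac

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_record(password: str, algo: str, salt: bytes, iters: int = 4096) -> dict:
    """Server-side record: no password, only keys derived with ONE hash."""
    salted = hashlib.pbkdf2_hmac(algo, password.encode(), salt, iters)
    client_key = hmac.new(salted, b"Client Key", algo).digest()
    return {
        "algo": algo, "salt": salt, "iters": iters,
        "stored_key": hashlib.new(algo, client_key).digest(),
        "server_key": hmac.new(salted, b"Server Key", algo).digest(),
    }

def client_proof(password: str, algo: str, salt: bytes, iters: int,
                 auth_msg: bytes) -> bytes:
    """ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    salted = hashlib.pbkdf2_hmac(algo, password.encode(), salt, iters)
    client_key = hmac.new(salted, b"Client Key", algo).digest()
    stored_key = hashlib.new(algo, client_key).digest()
    return _xor(client_key, hmac.new(stored_key, auth_msg, algo).digest())

def server_verify(record: dict, algo: str, proof: bytes, auth_msg: bytes) -> bool:
    """Check a proof against the record; only the record's own hash can work."""
    if algo != record["algo"]:
        return False  # no key stored for this hash, mechanism cannot be served
    sig = hmac.new(record["stored_key"], auth_msg, algo).digest()
    if len(proof) != len(sig):
        return False
    recovered = hashlib.new(algo, _xor(proof, sig)).digest()
    return hmac.compare_digest(recovered, record["stored_key"])

# Constructed sample values (not taken from the issue).
SALT = b"constructed-salt"
AUTH_MSG = b"n=user,r=cnonce,r=cnoncesnonce,s=c2FsdA==,i=4096,c=biws,r=cnoncesnonce"
RECORD = make_record("correct horse", "sha512", SALT)

if __name__ == "__main__":
    for algo in ("sha512", "sha256", "sha1"):
        proof = client_proof("correct horse", algo, SALT, 4096, AUTH_MSG)
        print(algo, server_verify(RECORD, algo, proof, AUTH_MSG))
```

Because the record holds only `stored_key` and `server_key` for one hash, re-deriving it for another hash needs the plaintext password, which the server sees only at account creation or password change.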

@bestperson-free
Author

bestperson-free commented Feb 6, 2025

I don't understand how it is?

  1. I installed the server
  2. registered in the config what is above
  3. registered users

Now, by downgrading the version to sha and changing the passwords with `ejabberdctl change_password username your.domain newpassword`, I still got authorization without errors

```yaml
auth_method: internal
auth_password_format: scram
#auth_scram_hash: sha512
use_cache: true
cache_life_time: 3600
```

But I would like sha512 or sha256

"You can upgrade them (only!) when this is fixed: #4301"
I follow it and understand it, but what I'm doing doesn't overlap with it
As I can see [here](#3607) also did not decide

@bestperson-free
Author

bestperson-free commented Feb 7, 2025

I logged out of all the clients' conversations, changed it back to, tried logging in, and again got an error. Am I doing something wrong, or is it just broken? Thanks

```yaml
auth_method: internal
auth_password_format: scram
auth_scram_hash: sha512
use_cache: true
cache_life_time: 3600
```

```
2025-02-07 20:47:53.502731+03:00 [warning] <0.718.0>@ejabberd_c2s:process_auth_result/3:304 (tls|<0.718.0>) Failed c2s SCRAM-SHA-1-PLUS authentication from hidden_by_ejabberd: Unsupported mechanism
```

It turned out to launch only on MonoCles Chat, where 256 and 512 are good, and Gajim also connects; it does not connect on Conversations, neither at 512 nor at 256 SHA

@bestperson-free
Author

Using version 2.17.10 solved the problem
