You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2023/05/17 23:26:00 UTC

[jira] [Closed] (GUACAMOLE-1674) RDP NLA security mode incompatible with FIPS

     [ https://issues.apache.org/jira/browse/GUACAMOLE-1674?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mike Jumper closed GUACAMOLE-1674.
----------------------------------
    Fix Version/s:     (was: 1.6.0)
       Resolution: Fixed

> RDP NLA security mode incompatible with FIPS 
> ---------------------------------------------
>
>                 Key: GUACAMOLE-1674
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1674
>             Project: Guacamole
>          Issue Type: Bug
>            Reporter: James Muehlner
>            Assignee: Mike Jumper
>            Priority: Major
>             Fix For: 1.5.2
>
>
> RDP connections established when guacd is running on a FIPS-enabled server do not work with the NLA security method. 
> This appears to be due to FIPS-compatible ciphers not being implemented when using NLA security mode. 
> For more information, see the following bug report: [https://github.com/FreeRDP/FreeRDP/issues/5746]
> It seems like this issue might possibly have been fixed in FreeRDP master in [this PR|[https://github.com/FreeRDP/FreeRDP/pull/7934],] but the changes are unreleased (and involve a major version bump to FreeRDP 3), so it's unlikely that we'll be able to use that fix, assuming it works, until Guacamole is fully migrated to a released version of FreeRDP 3.
> For now, we should probably just explicitly disable the NLA mode on the Guacamole side if FIPS is enabled, logging a warning if needed.
> Related: GUACAMOLE-1669



--
This message was sent by Atlassian Jira
(v8.20.10#820010)