Posted to user@guacamole.apache.org by gabriel sztejnworcel <ga...@gmail.com> on 2020/01/29 22:29:59 UTC

Guacamole and FIPS

Hi,

Is there an issue with running Guacamole on a machine with FIPS enabled?

We tried that, and RDP connections fail with "protocol negotiation failure"
error. We also saw an error message saying that it tried to use MD5 hashing
which is not FIPS compliant.

I'm not sure if it's directly related to Guacamole; it might be related to
FreeRDP or OpenSSL. I'm interested to know if someone was able to get this
working.

Thanks,
Gabriel

Re: Guacamole and FIPS

Posted by Nick Couchman <vn...@apache.org>.
On Thu, Jan 30, 2020 at 4:53 AM gabriel sztejnworcel <ga...@gmail.com>
wrote:

> Thanks Nick.
> We ruled out the "simple" security layer issues (NLA, TLS, certificate
> validation, ...), we are quite sure the connection is blocked because of FIPS.
>
>
Okay, we would need some more detailed information to help track this
down...
- Presumably it works with other RDP clients (not Guacamole)?
- If you put guacd into debug mode, what messages do you get?
- What RDP server are you connecting to?
- What package versions (FreeRDP, OpenSSL, Guacamole server/client, etc.)?

-Nick

Re: Guacamole and FIPS

Posted by gabriel sztejnworcel <ga...@gmail.com>.
Thanks Nick.
We ruled out the "simple" security layer issues (NLA, TLS, certificate
validation, ...), we are quite sure the connection is blocked because of FIPS.

On Thu, 30 Jan 2020 at 00:36, Nick Couchman <vn...@apache.org> wrote:

> On Wed, Jan 29, 2020 at 5:30 PM gabriel sztejnworcel <
> gabriel.560@gmail.com> wrote:
>
>> Hi,
>>
>> Is there an issue with running Guacamole on a machine with FIPS enabled?
>>
>>
> I don't know of any reason it wouldn't work.
>
>
>> We tried that, and RDP connections fail with "protocol negotiation
>> failure" error. We also saw an error message saying that it tried to use
>> MD5 hashing which is not FIPS compliant.
>>
>>
> You might need to adjust what security protocol you're using for RDP - try
> TLS or NLA.
>
> -Nick
>

Re: Guacamole and FIPS

Posted by Nick Couchman <vn...@apache.org>.
On Wed, Jan 29, 2020 at 5:30 PM gabriel sztejnworcel <ga...@gmail.com>
wrote:

> Hi,
>
> Is there an issue with running Guacamole on a machine with FIPS enabled?
>
>
I don't know of any reason it wouldn't work.


> We tried that, and RDP connections fail with "protocol negotiation
> failure" error. We also saw an error message saying that it tried to use
> MD5 hashing which is not FIPS compliant.
>
>
You might need to adjust what security protocol you're using for RDP - try
TLS or NLA.

-Nick