You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@guacamole.apache.org by "David S. Jones (Jira)" <ji...@apache.org> on 2022/09/06 20:20:00 UTC

[jira] [Commented] (GUACAMOLE-1598) Windows 7 TLS/NLA compatibility issue with openssl3

    [ https://issues.apache.org/jira/browse/GUACAMOLE-1598?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17600967#comment-17600967 ] 

David S. Jones commented on GUACAMOLE-1598:
-------------------------------------------

Unfortunately we have to support a lot of win7 and more than a few 2008r2. Since the fix has been in freerdp for almost 4 years and that's about the time we went to freerdp2, I'd like to think we could assume current guacd builds would have it. If we had a client setting for that wouldn't it just get ignored if the particular guacd build didn't have that setting available? I'd really prefer a client setting rather than force the default=0.

> Windows 7 TLS/NLA compatibility issue with openssl3
> ---------------------------------------------------
>
>                 Key: GUACAMOLE-1598
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1598
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: RDP
>    Affects Versions: 1.4.0
>            Reporter: Michael Saxl
>            Priority: Major
>
> Openssl 3.0 raised the default tls security level parameters.
> This has the effect that Widows 7 / Windows 2008r2 do not work in tls/nla/ext security mode, only rdp security works, but this requires disabling nla on the remote machine.
> xfreerdp has a parameter named /tls-seclevel that if set to 0 solves this problem, but settings this to such a low value should only be done if the user really requests it.
> Remmina will get this parameter too.
>  
> internally in the settings structure the attribute is named setting->TlsSecLevel



--
This message was sent by Atlassian Jira
(v8.20.10#820010)