You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "David S. Jones (Jira)" <ji...@apache.org> on 2022/09/06 20:20:00 UTC
[jira] [Commented] (GUACAMOLE-1598) Windows 7 TLS/NLA compatibility issue with openssl3
[ https://issues.apache.org/jira/browse/GUACAMOLE-1598?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17600967#comment-17600967 ]
David S. Jones commented on GUACAMOLE-1598:
-------------------------------------------
Unfortunately we have to support a lot of win7 and more than a few 2008r2. Since the fix has been in freerdp for almost 4 years and that's about the time we went to freerdp2, I'd like to think we could assume current guacd builds would have it. If we had a client setting for that wouldn't it just get ignored if the particular guacd build didn't have that setting available? I'd really prefer a client setting rather than force the default=0.
> Windows 7 TLS/NLA compatibility issue with openssl3
> ---------------------------------------------------
>
> Key: GUACAMOLE-1598
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1598
> Project: Guacamole
> Issue Type: Improvement
> Components: RDP
> Affects Versions: 1.4.0
> Reporter: Michael Saxl
> Priority: Major
>
> Openssl 3.0 raised the default tls security level parameters.
> This has the effect that Widows 7 / Windows 2008r2 do not work in tls/nla/ext security mode, only rdp security works, but this requires disabling nla on the remote machine.
> xfreerdp has a parameter named /tls-seclevel that if set to 0 solves this problem, but settings this to such a low value should only be done if the user really requests it.
> Remmina will get this parameter too.
>
> internally in the settings structure the attribute is named setting->TlsSecLevel
--
This message was sent by Atlassian Jira
(v8.20.10#820010)