Hi Stefan,
https://github.com/FreeRDP/FreeRDP/blob/2.0.0/ChangeLog "sha256 is now used
instead of sha1 to fingerprint certificates." - sha1 is considered insecure
in general. You can also question whether self-signed certs are secure at
all, i.e. you are definitely better off using trusted certificates and
training your end users to cancel any connections with certificate
warnings/errors.
Good to know some distros pick up 2.0.0. 
Best Regards, Joachim


> -----Original Message-----
> From: Stefan Sichler via FreeRDP-devel <freerdp-devel@lists.sourceforge.net>
> Sent: Friday, 17 April 2020 11:21
> To: freerdp-devel@lists.sourceforge.net
> Subject: [FreeRDP-devel] Certificate Thumbprint changed -> looks like a
> security breach
> 
> Hi freerdp developers,
> 
> I'm using remmina / xfreerdp2 on a Linux Mint 19.3 x64 system, based on
> Ubuntu 18.04.
> When the freerdp2 package was recently updated to version
> 2.0.0~git202004061153-0+remmina202004061300.rc367f65.d287a1e7~ubuntu18.04.1
> from the remmina-next ppa on launchpad,
> suddenly the reported connection certificate thumbprint changed.
> 
> It is now obviously _different_ to the one reported by the RDP server
> itself. I'm connecting to a Windows 10.
> 
> For me as end-user this looks like a security breach / MitM-attack.
> Is this a known issue?
> 
> Can you please comment on this?
> 
> Thank you!
> Best regards
> Stefan
> 
> 
> _______________________________________________
> FreeRDP-devel mailing list
> FreeRDP-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/freerdp-devel



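Added example (not part of the original thread and not FreeRDP code): the same certificate hashed with SHA-1 and with SHA-256 gives two unrelated thumbprints, so a reported value has to be compared against the digest of the matching algorithm before concluding the certificate changed. `SAMPLE_DER` is constructed stand-in data, and the function names are hypothetical.

```python
import hashlib
import hmac

# Constructed stand-in for a certificate's DER encoding (not a real certificate).
# A fingerprint is a hash over the DER bytes, so any byte string shows the effect.
SAMPLE_DER = bytes.fromhex("3082010a0282010100") + b"constructed-sample-certificate-body"

# Number of hex digits in a thumbprint -> hash algorithm that produced it.
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}


def normalize(thumbprint: str) -> str:
    """Drop separators and case so 'AB:CD', 'ab cd' and 'ABCD' compare equal."""
    return "".join(ch for ch in thumbprint.lower() if ch in "0123456789abcdef")


def fingerprint(der: bytes, algo: str) -> str:
    """Colon-separated hex fingerprint of the DER bytes under the given hash."""
    digest = hashlib.new(algo, der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def classify(der: bytes, reported: str) -> str:
    """Say how a reported thumbprint relates to the certificate in `der`."""
    wanted = normalize(reported)
    algo = ALGO_BY_HEX_LEN.get(len(wanted))
    if algo is None:
        return "unrecognized thumbprint length"
    actual = normalize(fingerprint(der, algo))
    # Compare like with like: same algorithm, same normalized form.
    if hmac.compare_digest(actual, wanted):
        return f"match ({algo})"
    return f"MISMATCH ({algo}): different certificate"


if __name__ == "__main__":
    for algo in ("sha1", "sha256"):
        fp = fingerprint(SAMPLE_DER, algo)
        print(f"{algo:>6}: {fp} -> {classify(SAMPLE_DER, fp)}")
```
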