I have been working on getting a Mac client connected to my broker and
workstations, and have found that this client specifically seems to be
using very old openssl options. I have had to update my servers to get the
SSH connections to work, and even had to do some patching to the
broker-daemon to force it to use TLSv1 to support these clients. I don't
have either of these issues with my Ubuntu client, so I am even running two
broker daemons on different ports just so these clients can have weaker
options.
Is there a newer client, for Mac, or can one be compiled with the exact
same client code, just with update libraries for ssl?
My edits thus far are as follows to support this version:
x2go-server:
add +diffie-hellman-group14-sha1 to sshd_config
x2go-broker-daemon (whith https certs):
Force TLSv1 to be supported, and update ciphers to allow security level 1
(needed for TLS1)
+ context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+ context.set_ciphers("DEFAULT:@SECLEVEL=1")
+
context.load_cert_chain(x2gobroker.defaults.X2GOBROKER_SSL_CERTFILE,
x2gobroker.defaults.X2GOBROKER_KEYFILE)
+ http_server = tornado.httpserver.HTTPServer(application,
ssl_options=context)
_______________________________________________
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user
