Hi Harry,
legacy encryption will still be include
You will be able to configure xrdp's security layer as follows: TLS only ,
RDP only or Negotiate mode (server will accept the highest compatible sec
layer agreed between client & server).
Not sure about release yet.
Idan.
On Mon, Aug 25, 2014 at 2:05 AM, Harry Johnston <ha...@waikato.ac.nz> wrote:
> Excellent, and thanks for clarifying that. (I wasn't sure whether
> Microsoft's client supported using the newer protocol without also using
> RDP 6.0 or later, the version it was introduced with.)
>
> I presume that either the legacy encryption protocol won't be included at
> all, or that there will be an option to disable it? We would still
> consider a machine potentially at risk if it allowed connections using the
> insecure protocol, since we would have no realistic way to be certain that
> nobody was using an older client. Also, OpenVAS appears to correctly
> detect whether a machine is or is not allowing insecure connections, so it
> would be desirable on that front too.
>
> Any sort of idea when this is likely to be released? If it is only a
> month or two it would probably make sense for me to hold off on any further
> action, but if it is more likely to be a year, say, I should probably go
> ahead.
>
> Harry.
>
>
>
> On 23 August 2014 18:19, speidy <spe...@gmail.com> wrote:
>
>> Hi Harry,
>>
>> TLS is supported by all well-known clients today (freerdp, rdesktop,
>> mstsc, itap).
>>
>> It is referres as 'RDP Enhanced Security' mode at ms docs.
>>
>> Idan.
>> On Aug 23, 2014 5:11 AM, "Harry Johnston [via XRDP Devel]" <[hidden
>> email] <http://user/SendEmail.jtp?type=node&node=4025667&i=0>> wrote:
>>
>>> Jay,
>>>
>>> Thanks. Yes, that was my understanding; the vulnerability is in the
>>> protocol, so it affects all Microsoft-compatible RDP (5.2 or earlier)
>>> software. I think it is clear that this is not widely understood, though,
>>> and this is what concerns me at present.
>>>
>>> We're moving to TLS encryption in xrdp now and this is almost working
>>>> in devel branch. TLS encryption is a more industry standard way to
>>>> encrypt the RDP traffic.
>>>>
>>>
>>> Excellent. What clients does this support? Is it compatible with
>>> Microsoft's Remote Desktop client (on Vista and later)?
>>>
>>> Harry.
>>>
>>>
>>> ------------------------------------------------------------------------------
>>>
>>> Slashdot TV.
>>> Video for Nerds. Stuff that matters.
>>> http://tv.slashdot.org/
>>> _______________________________________________
>>> xrdp-devel mailing list
>>> [hidden email] <http://user/SendEmail.jtp?type=node&node=4025666&i=0>
>>> https://lists.sourceforge.net/lists/listinfo/xrdp-devel
>>>
>>>
>>> ------------------------------
>>> If you reply to this email, your message will be added to the
>>> discussion below:
>>>
>>> http://xrdp-devel.766250.n3.nabble.com/Xrdp-devel-CVE-2005-1794-tp4025659p4025666.html
>>> To start a new topic under XRDP Devel, email [hidden email]
>>> <http://user/SendEmail.jtp?type=node&node=4025667&i=1>
>>> To unsubscribe from XRDP Devel, click here.
>>> NAML
>>> <http://xrdp-devel.766250.n3.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>>>
>>
>> ------------------------------
>> View this message in context: Re: [Xrdp-devel] CVE-2005-1794
>> <http://xrdp-devel.766250.n3.nabble.com/Xrdp-devel-CVE-2005-1794-tp4025659p4025667.html>
>> Sent from the XRDP Devel mailing list archive
>> <http://xrdp-devel.766250.n3.nabble.com/> at Nabble.com.
>>
>>
>> ------------------------------------------------------------------------------
>> Slashdot TV.
>> Video for Nerds. Stuff that matters.
>> http://tv.slashdot.org/
>> _______________________________________________
>> xrdp-devel mailing list
>> xrdp-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/xrdp-devel
>>
>>
>
--
Idan Freiberg
Mobile: +972-52-2925213
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
xrdp-devel mailing list
xrdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xrdp-devel
