Feature #10691
closed
Want rdesktop with GSS-API and TLS v1.3
50%
Description
Hi,
I use openindiana/hipster daily as core OS, and have been using rdesktop against some terminal-servers to do work on window-machines.
Lately it has become more common to deny connections not supporting credSSP and TLSv3 (1,3?)
Therefore - I wish openindiana/hipster could switch from rdesktop, to xfreerdp or remmina, using "libgssglue".
Updated by Alexander Pyhalov over 4 years ago
Hi. Currently we ship rdesktop 1.8.3, which supports CredSSP. To use it, first you should get kerberos ticket with kinit. Then you can use rdesktop -u 'user@DOMAIN' host.
Updated by Espen Martinsen over 4 years ago
Hi Alexander,
I rtied that but the WTS I'm need to access will just accept TLSv1.3 if I understand it correctly. My solution is VIrtualbox w/debian stretch + xfreerdp/remmina. Works for now.
It might get in there if/when openSSL1.1 or higher and rdesktop 1.8.4+ is coming. I can wait!
-e
Updated by Michal Nowak over 4 years ago
- Subject changed from I wish openindiana/hipser will support a modern "rdesktop" to Want rdesktop with GSS-API and TLS v1.3
- Category set to OI-Userland
- Status changed from New to Feedback
- Assignee set to Michal Nowak
- Target version set to Hipster
- % Done changed from 0 to 50
- Tags deleted (
needs-triage)
Espen, for this request to be satisfied rdesktop needs to be updated to the development/master branch, and thus warrants more testing that usual.
Here's the proposed PR: https://github.com/OpenIndiana/oi-userland/pull/5025.
Can you build it yourself and test Kerberos and TLS with VirtualBox and Windows?
Updated by Michal Nowak over 4 years ago
Michal Nowak wrote:
Here's the proposed PR: https://github.com/OpenIndiana/oi-userland/pull/5025.
Can you build it yourself and test Kerberos and TLS with VirtualBox and Windows?
Now the PR is ready to be tested. Feedback is required to proceed.
Updated by Espen Martinsen over 4 years ago
Michal Nowak wrote:
Can you build it yourself and test Kerberos and TLS with VirtualBox and Windows?
Now the PR is ready to be tested. Feedback is required to proceed.
Hi,
I managed to clone oi-userland, and build component desktop/rdesktop, but unsure how to put pull/5025 on top of it.
can you help?
-espenM
Updated by Michal Nowak over 4 years ago
Updated by Espen Martinsen over 4 years ago
Michal Nowak wrote:
Try https://patch-diff.githubusercontent.com/raw/OpenIndiana/oi-userland/pull/5025.patch and rebuild.
Hi,
1.st try, did not work well,
I've now found out that it is TLS1.2, and tried with -V 1.2 and a correct KRB-ticket. none,
Then I found out that the CLIENT need to be a member of the domain, not just the user.
This will be my next test. but have to simulate it in a LAB-environment.I'll report back!
-espenM
Updated by Ben Franck over 4 years ago
Please note that xfreerdp client compiles easily on Hipster
Updated by Michal Nowak about 4 years ago
Espen, any news on this with TLS 1.2? TLS 1.3 in OpenSSL will only come when we move to OpenSSL 1.1.1, and in GNU TLS with 3.6. In both cases, no plans for the transition yet.
Updated by Michal Nowak about 4 years ago
Espen, Ben: Is FreeRDP working for you with VirtualBox on OpenIndiana? If so, can you advise on what version you use, which compile-time option you use etc? I can't make it work: https://github.com/FreeRDP/FreeRDP/issues/5504.
Updated by Andreas Wacknitz almost 4 years ago
PR#5025 has been merged. Can we close this ticket?
Updated by Espen Martinsen almost 4 years ago
Andreas Wacknitz wrote:
PR#5025 has been merged. Can we close this ticket?
Hi,
This PR can be closed!
-espen M
Updated by Michal Nowak almost 4 years ago
- Status changed from Feedback to Resolved