Project

General

Profile

Feature #10691

Want rdesktop with GSS-API and TLS v1.3

Added by Espen Martinsen 5 months ago. Updated 22 days ago.

Status:
Feedback
Priority:
Normal
Assignee:
Category:
OI-Userland
Target version:
Start date:
2019-04-03
Due date:
% Done:

50%

Estimated time:
Difficulty:
Medium
Tags:

Description

Hi,
I use openindiana/hipster daily as core OS, and have been using rdesktop against some terminal-servers to do work on window-machines.
Lately it has become more common to deny connections not supporting credSSP and TLSv3 (1,3?)

Therefore - I wish openindiana/hipster could switch from rdesktop, to xfreerdp or remmina, using "libgssglue".

History

#1

Updated by Alexander Pyhalov 4 months ago

Hi. Currently we ship rdesktop 1.8.3, which supports CredSSP. To use it, first you should get kerberos ticket with kinit. Then you can use rdesktop -u 'user@DOMAIN' host.

#2

Updated by Espen Martinsen 4 months ago

Hi Alexander,
I rtied that but the WTS I'm need to access will just accept TLSv1.3 if I understand it correctly. My solution is VIrtualbox w/debian stretch + xfreerdp/remmina. Works for now.
It might get in there if/when openSSL1.1 or higher and rdesktop 1.8.4+ is coming. I can wait!

-e

#3

Updated by Michal Nowak 3 months ago

  • Subject changed from I wish openindiana/hipser will support a modern "rdesktop" to Want rdesktop with GSS-API and TLS v1.3
  • Category set to OI-Userland
  • Status changed from New to Feedback
  • Assignee set to Michal Nowak
  • Target version set to Hipster
  • % Done changed from 0 to 50
  • Tags deleted (needs-triage)

Espen, for this request to be satisfied rdesktop needs to be updated to the development/master branch, and thus warrants more testing that usual.

Here's the proposed PR: https://github.com/OpenIndiana/oi-userland/pull/5025.

Can you build it yourself and test Kerberos and TLS with VirtualBox and Windows?

#4

Updated by Michal Nowak 3 months ago

Michal Nowak wrote:

Here's the proposed PR: https://github.com/OpenIndiana/oi-userland/pull/5025.

Can you build it yourself and test Kerberos and TLS with VirtualBox and Windows?

Now the PR is ready to be tested. Feedback is required to proceed.

#5

Updated by Espen Martinsen 2 months ago

Michal Nowak wrote:

Can you build it yourself and test Kerberos and TLS with VirtualBox and Windows?

Now the PR is ready to be tested. Feedback is required to proceed.

Hi,
I managed to clone oi-userland, and build component desktop/rdesktop, but unsure how to put pull/5025 on top of it.
can you help?

-espenM

#7

Updated by Espen Martinsen 2 months ago

Michal Nowak wrote:

Try https://patch-diff.githubusercontent.com/raw/OpenIndiana/oi-userland/pull/5025.patch and rebuild.

Hi,
1.st try, did not work well,

I've now found out that it is TLS1.2, and tried with -V 1.2 and a correct KRB-ticket. none,
Then I found out that the CLIENT need to be a member of the domain, not just the user.
This will be my next test. but have to simulate it in a LAB-environment.
I'll report back!
-espenM
#8

Updated by Ben Franck about 2 months ago

Please note that xfreerdp client compiles easily on Hipster

#9

Updated by Michal Nowak about 1 month ago

Espen, any news on this with TLS 1.2? TLS 1.3 in OpenSSL will only come when we move to OpenSSL 1.1.1, and in GNU TLS with 3.6. In both cases, no plans for the transition yet.

#10

Updated by Michal Nowak 22 days ago

Espen, Ben: Is FreeRDP working for you with VirtualBox on OpenIndiana? If so, can you advise on what version you use, which compile-time option you use etc? I can't make it work: https://github.com/FreeRDP/FreeRDP/issues/5504.

#11

Updated by Michal Nowak 22 days ago

Of course, I was missing -pthread...

Also available in: Atom PDF