[debian-edu-commits] debian-edu/pkg-team/ 148/159: nevermind, I found out about RDP crypto (better than rumours, but…):
Dominik George
natureshadow-guest at moszumanska.debian.org
Tue Feb 23 10:04:35 UTC 2016
This is an automated email from the git hooks/post-receive script.
natureshadow-guest pushed a commit to branch master
in repository xrdp.
commit c315819107c2bbfeb9c070901e6c8c7003eadce7
Author: mirabilos <tg at mirbsd.org>
Date: Wed Sep 2 18:48:08 2015 +0200
nevermind, I found out about RDP crypto (better than rumours, but…):
• RDP native crypto is RC4 (but not vulnerable in the same way as HTTPS)
with 128-bit keys (acceptable)
• RDP native crypto can be MITM’d because there is absolutely no way
to verify the server except by comparing the server cert at the
client side (which nobody does)
• RDP can use SSL crypto (which these files are for, tbd figure out
where to put the chain), which is RDP5-style encryption
‣ TLSv1.0
‣ supported by rdesktop but it doesn’t check the certificate u_U
‣ can cause freerdp to crash
Guacamole does its own protocol over HTTP/HTTPS and translates on
the Guacamole server side. As long as the RDP server is running on
the same host, this should be okay.
cf. http://guac-dev.org/doc/gug/guacamole-architecture.html
Other uses could be via SSH tunneling or some kind of VPN.
---
README.Debian | 3 ---
1 file changed, 3 deletions(-)
diff --git a/README.Debian b/README.Debian
index b826420..472399a 100644
--- a/README.Debian
+++ b/README.Debian
@@ -6,9 +6,6 @@ Use at your own risk and inform your users that privacy is possibly not
guaranteed as all users can attach to RDP users’ sessions locally.
See also: https://github.com/neutrinolabs/xrdp/issues/264
-Furthermore, the package maintainers would like to know what the log
-messages about /etc/xrdp/cert.pem and /etc/xrdp/key.pem are good for.
-
The pulseaudio plugin from sesman/chansrv/pulse should be installed
but cannot be built due to lack of a pulseaudio-modules-dev package
in Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794692
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/pkg-team/xrdp.git
More information about the debian-edu-commits
mailing list