guacamole-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matt Prager (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (GUACAMOLE-274) Guacamole SHA SPDY conflict
Date Fri, 21 Apr 2017 20:45:04 GMT

    [ https://issues.apache.org/jira/browse/GUACAMOLE-274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15979345#comment-15979345
] 

Matt Prager edited comment on GUACAMOLE-274 at 4/21/17 8:44 PM:
----------------------------------------------------------------

The Hash type. If you look over here - https://www.petri.com/cipher-best-practice-configure-iis-ssl-tls-protocol
- and scroll down to the picture in the middle, you'll see an image of SSL Labs Best Practices
for IIS. Under Hashes Enabled, you'll see all 5 hash types clicked. However, SPDY throws an
error unless MD5 and SHA are unselected and, as I mentioned before, Guacamole won't connect
over RDP unless SHA is selected, meaning SPDY and Guacamole are in conflict and I'm forced
to either having Guacamole work by enabling SHA but getting a million SPDY errors on the web
or having the web work fine but Guacamole unable to connect to my computer over RDP.


was (Author: mobamoba):
The Hash type. If you look over here and scroll down to the picture in the middle, you'll
see an image of SSL Labs Best Practices for IIS. Under Hashes Enabled, you'll see all 5 hash
types clicked. However, SPDY throws an error unless MD5 and SHA are unselected and, as I mentioned
before, Guacamole won't connect over RDP unless SHA is selected, meaning SPDY and Guacamole
are in conflict and I'm forced to either having Guacamole work by enabling SHA but getting
a million SPDY errors on the web or having the web work fine but Guacamole unable to connect
to my computer over RDP.

> Guacamole SHA SPDY conflict
> ---------------------------
>
>                 Key: GUACAMOLE-274
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-274
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole
>    Affects Versions: 0.9.12-incubating
>         Environment: Ubuntu Xenial
>            Reporter: Matt Prager
>
> I use Guacamole to RDP into Windows Server 2016 and noticed the following issue: with
SHA disabled, Guacamole never logs in. With SHA enabled, Guacamole logs in but browsers that
use SPDY throw insecure protocol errors.
> The is easily reproducible using IISCrypto as enabling SHA immediately allows Guacamole
logon and disabling it then rebooting prevents it.
> My RDP security type is set to "any" if that matters.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message