guacamole-user mailing list archives

From Peter Burdine <>
Subject Re: How do I enable TLS1.2 in Guacamole?
Date Wed, 03 Aug 2016 02:49:56 GMT
A bit more info: I ran guacd -L debug -f and it shows the following:
guacd[12699]: INFO:     Protocol "rdp" selected
guacd[12699]: INFO:     Connection ID is
guacd[12699]: INFO:     Security mode: NLA
guacd[12699]: DEBUG:    Client resolution is 1040x1022 at 96 DPI
guacd[12699]: DEBUG:    Using resolution of 1040x1022 at 96 DPI
guacd[12699]: INFO:     Loading keymap "base"
guacd[12699]: INFO:     Loading keymap "en-us-qwerty"
guacd[12699]: DEBUG:    Client cursor image set to generic built-in pointer.
guacd[12699]: DEBUG:    Using raw encoder (audio/L16;rate=44100,channels=2) with a 44100 byte buffer.
connected to my-server-name-here:3389
creating directory /root/.freerdp/certs
SSL_connect: I/O error
guacd[12699]: ERROR:    Error connecting to RDP server
guacd[12699]: INFO:     Connection did not succeed

I had the following libraries installed when I built guacd (I just rebuilt
it to verify):
Name        : freerdp-devel
Arch        : x86_64
Version     : 1.0.2

Name        : openssl-devel
Arch        : x86_64
Epoch       : 1
Version     : 1.0.1e

I confirmed that the RDP server is rejecting TLS1 and accepting TLS1.2 by
openssl s_client -connect my-server-name-here:3389 -tls1_2
openssl s_client -connect my-server-name-here:3389 -tls1

Is there anything else I can look into?


On Tue, Aug 2, 2016 at 7:11 PM, Peter Burdine <> wrote:

> I have Guacamole up and running and talking to our older 2008r2 servers,
> but on a few of them, it would not form an RDP connection no matter what I
> tried.  I eventually narrowed it down to the TLS1.1/1.2 patch being
> installed (  Once that is
> installed, it appears I cannot get Guacamole to establish an RDP session.
> After a bit of searching, I found you can set the following registry value
> which allows the server to drop back and use RDP encryption.  Even after
> setting this value, the TLS and NLA will not work from Guacamole, it must
> be set to RDP encryption.
> HKLM\SYSTEM\CurrentControlSet\Control\Terminal
> Server\WinStations\RDP-Tcp\SecurityLayer = 0
> If I attempt TLS or NLA, I can see the following message in the Windows
> Event log:
> An TLS 1.0 connection request was received from a remote client
> application, but none of the cipher suites supported by the client
> application are supported by the server. The SSL connection request has
> failed.
> Is there any way to enable TLS1.1/1.2 instead of using TLS1.0?
> Configuration:
> CentOS 7.2
> Tomcat 8
> Thanks,
> Peter
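
Added example (not part of the original message and not Guacamole project code): a small triage script for guacd debug output like the log quoted above. It separates attempts that stopped during the TLS handshake from those that never reached the server. The sample log is constructed, the names triage and verdict are hypothetical, and it assumes unprefixed lines belong to the most recent guacd PID.

```python
import re

# Constructed sample modelled on the guacd debug output quoted in the message.
SAMPLE_LOG = '''\
guacd[12699]: INFO:     Security mode: NLA
connected to my-server-name-here:3389
SSL_connect: I/O error
guacd[12699]: ERROR:    Error connecting to RDP server
guacd[12701]: INFO:     Security mode: RDP
connected to my-server-name-here:3389
guacd[12701]: INFO:     Loading keymap "base"
'''

GUACD_LINE = re.compile(r'^guacd\[(\d+)\]: (\w+):\s+(.*)$')

def triage(log_text):
    """Summarise each guacd connection attempt, keyed by guacd PID."""
    sessions, current = {}, None
    for line in log_text.splitlines():
        m = GUACD_LINE.match(line)
        if m:
            pid, level, msg = m.groups()
            current = sessions.setdefault(pid, {
                "security": None, "target": None, "tls_error": None, "failed": False})
            if msg.startswith("Security mode: "):
                current["security"] = msg.split(": ", 1)[1]
            elif level == "ERROR" and "Error connecting to RDP server" in msg:
                current["failed"] = True
        elif current is not None:
            # Assumption: unprefixed lines belong to the last guacd PID seen,
            # which only holds when connection attempts are not interleaved.
            if line.startswith("connected to "):
                current["target"] = line[len("connected to "):].strip()
            elif line.startswith("SSL_connect:"):
                current["tls_error"] = line.split(":", 1)[1].strip()
    return sessions

def verdict(session):
    """Classify where the attempt stopped, based only on what was logged."""
    if not session["failed"]:
        return "no-error-logged"
    if session["target"] is None:
        return "not-connected"         # no "connected to host:port" line seen
    if session["tls_error"]:
        return "tls-handshake-failed"  # TCP connected, TLS negotiation broke
    return "failed-after-connect"

if __name__ == "__main__":
    for pid, s in triage(SAMPLE_LOG).items():
        print(pid, s["security"], s["target"], verdict(s), s["tls_error"] or "")
```

A "tls-handshake-failed" verdict with security mode NLA or TLS points at protocol version or cipher suite agreement as the next thing to check, which is what the openssl s_client tests in the message do.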
