guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Burdine <pburd...@gmail.com>
Subject How do I enable TLS1.2 in Guacamole?
Date Wed, 03 Aug 2016 02:11:49 GMT
I have Guacamole up and running and talking to our older 2008r2 servers,
but on a few of them, it would not form an RDP connection no matter what I
tried.  I eventually narrowed it down to the TLS1.1/1.2 patch being
installed (https://support.microsoft.com/en-us/kb/3080079).  Once that is
installed, it appears I cannot get Guacamole to establish an RDP session.

After a bit of seaching, I found you can set the following registry value
which allows the server to drop back and use RDP encryption.  Even after
setting this value, the TLS and NLA will not work from Guacamole, it must
be set to RDP encryption.
HKLM\SYSTEM\CurrentControlSet\Control\Terminal
Server\WinStations\RDP-Tcp\SecurityLayer = 0

If I attempt TLS or NLA, I can see the following message in the Windows
Event log:
An TLS 1.0 connection request was received from a remote client
application, but none of the cipher suites supported by the client
application are supported by the server. The SSL connection request has
failed.

Is there anyway to enable TLS1.1/1.2 instead of using TLS1.0?

Configuration:
CentOS 7.2
Tomcat 8

Thanks,
Peter

Mime
View raw message