guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dmitry Katsubo <dm...@mail.ru>
Subject Re: Connect to VNC server with SSL
Date Thu, 25 Apr 2019 11:48:57 GMT
On 2019-04-25 11:08, Idhren wrote:
> what ? weird ! I had to edit my post because the "raw" tag didn't work ...
> Anyways, without any encoding then:
>
> Catalina:
>
> 24/04/2019 14:51:32 Using Anonymous Diffie-Hellman mode.
> 24/04/2019 14:51:32 loaded Diffie Hellman 1024 bits, 0.000s
> 24/04/2019 14:51:32 SSL: error:1417A0C1:SSL routines:tls_post_process_client_hello:no
shared cipher
Idhren,

It looks that the server cannot agree with the client on what cipher to use. Check that you
have right certificate for Diffie-Hellman (check issue#2572 <https://github.com/openssl/openssl/issues/2572>),
and / or reconfigure the server/client so that they use same set of ciphers. To list the ciphers
that server supports you can use the following command:

# nmap --script ssl-enum-ciphers -p 20000 127.0.0.1
Starting Nmap 6.47 ( http://nmap.org )
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00013s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   SSLv3: No supported ciphers found
|   TLSv1.0:
|     ...
|   TLSv1.1:
|     ...
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_256_GCM_SHA384 - strong

-- 
With best regards,
Dmitry


Mime
View raw message