How to configure encryption ciphers in Xvnc

[Andy]

Hey so I have some strict requirements on what encryption ciphers we are allowed to use.

Basically I need it to use either TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 or TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384. 

From the viewer side I'm able to restrict the ciphers available to it by modifying the java argument inside of the vncviewer script:

 and adding on the options -Djava.security.properties=/opt/test/java.security.restictive -Djavax.net.debug=ssl

Now I get an SSL Handshake error when I try to connect - I think its because Xvnc doesn't support the 2 ciphers that I'm trying to use. 

How would I go about enabling the two ciphers from the server (Xvnc) side? I'd prefer to not have to recompile, but I'm not afraid to.

Thanks!

[Andy]

I think it would also be helpful to post the parameters that I'm using to launch it too - 

Server

/opt/TurboVNC/bin/vncserver -SecurityTypes X509Vnc -x509cert /home/user/ca/certs/localhost.cert.pem -x509key /home/user/ca/certs/localhost.key.pem -rfbauth /home/user/ca/t.file

Viewer

/home/user/my_vnc_viewer -x509ca /home/user/ca/certs/CA.cert.pem -passwd /home/user/ca/t.file localhost:2

[DRC]

I did some digging, and unfortunately there is no way to enable/disable
OpenSSL ciphers on a system-wide or per-user basis. They have to be
configured on a per-application basis. I will investigate adding a new
TurboVNC security configuration file property for this, as it seems like
something that would be generally useful.

[Andy]

That would be awesome

Thanks!

[DRC]

Is it necessary to restrict the ciphers on the server end, or would it
be acceptable to simply enable ECDH ciphers in the server and restrict
them on the client end?

The basic problem is that the TurboVNC Server's OpenSSL wrapper doesn't
currently enable ECDH ciphers. Enabling those ciphers is an easy
(probably one-liner) modification, but adding the Security Configuration
file parameter to restrict the ciphers would be more difficult (in part
because of the need to support both GnuTLS and OpenSSL.)

DRC

[DRC]

I went ahead and implemented a new security configuration file directive (permitted-cipher-suites), as well as a new Java TurboVNC Viewer system property.  To achieve what you want, assuming you're using OpenSSL 1.0.2 or later, you can add:

    permitted-cipher-suites = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384

to /etc/turbovncserver-security.conf.  That will prevent any ciphers other than the two you listed from being used on the server end, regardless of which ciphers are supported on the client end.  It will also effectively disallow any of the TLS* security types, irrespective of the permitted-security-types directive (because anonymous TLS uses different ciphers.)

As a belt-and-suspenders measure, you can also force the viewer to use only those ciphers by setting

    JAVA_TOOL_OPTIONS='-Dturbovnc.ciphersuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384'

in the environment on the client machine.

The Xvnc log file, as well as the debug output from the viewer (-loglevel 100) will reveal which ciphers are available and which cipher was negotiated between server and client.

DRC

On 7/12/19 2:25 PM, Andy wrote:

--
You received this message because you are subscribed to the Google Groups "TurboVNC User Discussion/Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to turbovnc-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/turbovnc-users/717ffd21-4778-4e1c-a6ef-b4fb50f2bf59%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Andy]

Wow! Thanks for the quick fix! 

I take all I need to try it out is to pull and build the latest turbovnc and it should work?

Thanks again!

To unsubscribe from this group and stop receiving emails from it, send an email to turbovn...@googlegroups.com.

[DRC]

Yeah, or you can use the pre-release builds, which are generated automatically by Travis and AppVeyor:

https://turbovnc.org/DeveloperInfo/PreReleases

To unsubscribe from this group and stop receiving emails from it, send an email to turbovnc-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/turbovnc-users/c82c784a-0fef-4f60-b6a6-dc281532dbee%40googlegroups.com.

[Andy]

Hey, so now I'm missing the ECDHE-ECDSA-AES256-GCM-SHA384 algorithms inside of the server and client.

~/.vnc/Server:3.log

16/07/2019 16:15:29 Available cipher suites: DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:KRB5-DES-CBC3-MD5:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:KRB5-RC4-MD5:KRB5-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:KRB5-DES-CBC-MD5:KRB5-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-KRB5-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-RC4-MD5

Client output with -loglevel 100

CSecurityTLS: Available cipher suites: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_256_GCM_SHA384, TLS_DH_anon_WITH_AES_128_GCM_SHA256, TLS_DH_anon_WITH_AES_256_CBC_SHA256, TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_DH_anon_WITH_AES_128_CBC_SHA

However `openssl ciphers` :

At least has the ECDHE-ECDSA-AES256-GCM-SHA384 that I'm looking for (don't see the CBC but thats ok)

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:IDEA-CBC-SHA:PSK-3DES-EDE-CBC-SHA:KRB5-IDEA-CBC-SHA:KRB5-DES-CBC3-SHA:KRB5-IDEA-CBC-MD5:KRB5-DES-CBC3-MD5:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5

I'm not sure what's up with java not seeing it.

I installed version 2.2.80 with the RPM

Server command:  /opt/TurboVNC/bin/vncserver  -SecurityTypes X509Vnc -x509cert /home/user/ca/certs/localhost.cert.pem -x509key /home/user/ca/certs/localhost.key.pem -rfbauth /home/user/ca/t.file 

Client Command: JAVA_TOOL_OPTIONS="" /opt/TurboVNC/bin/vncviewer -loglevel 100 -x509ca /home/user/ca/certs/CA.cem -passwd /home/user/ca/t.file localhost:1

[DRC]

Server and client O/S?  OpenSSL versions?

To unsubscribe from this group and stop receiving emails from it, send an email to turbovnc-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/turbovnc-users/e850a8b0-9ee8-4780-bd53-2aa1d64bc935%40googlegroups.com.

[Andy]

It's the latest CentOS (7.6 I believe). Both the server and client are running on the same host and openssl 1.0.2

[DRC]

Do you have any legacy OpenSSL libraries installed? If you do, TurboVNC
may be picking up those rather than OpenSSL 1.0.2 (probably something
else I need to fix, BTW.)

[DRC]

Assuming the issue was that you had openssl098e installed as well, and the TurboVNC Server was picking that up instead of OpenSSL 1.0.2, then that issue should now be fixed.

On 7/16/19 4:28 PM, Andy wrote:

[Andy]

Hey sorry, yeah let me do some digging when I get back to my dev box and I'll let you know. Thanks again for all the help!

[Andy]

Hey so you were right.

 Apparently I had a ilbssl.so.0.9.8e.so floating around. 

So I moved all of the stuff relating to that out of the directory and now I get the ECDHE ciphers that i was looking for on the server side. 

Do you know how I would go about adding them to JAVA and the client side? 

From the vncviewer script the only ciphers I have available are :

CSecurityTLS: Available cipher suites: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_256_GCM_SHA384, TLS_DH_anon_WITH_AES_128_GCM_SHA256, TLS_DH_anon_WITH_AES_256_CBC_SHA256, TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_DH_anon_WITH_AES_128_CBC_SHA 

- It's missing the TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher that I'm looking for

Thanks again for the help!

[DRC]

The latest commit in master reverses the TurboVNC Server's search order for OpenSSL DSOs, so it should now pull the DSO from the newest installed version of OpenSSL rather than the oldest.  That means you shouldn't need to move OpenSSL 0.9.8e out of the way anymore.

As far as why Java isn't picking up the newer algorithms, that appears to be because you are using the 3.0 alpha build of the TurboVNC Viewer.  Please use the 2.2.x stable build.  The embedded JRE in 3.0 alpha isn't providing those ciphers for some reason, and I need to look into why (it may simply be that I didn't include the necessary module when building the JRE), but I just tested the 2.2.x build (with OpenJDK 1.8.0), and it works fine.

--

You received this message because you are subscribed to the Google Groups "TurboVNC User Discussion/Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to turbovnc-user...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/turbovnc-users/9cd4cde5-a186-4980-9d5e-e36bd538a643%40googlegroups.com.

[Andy]

Ah I gotcha - So I went and installed https://s3.amazonaws.com/turbovnc-pr/master/linux/turbovnc-2.2.3.x86_64.rpm and I can see the ciphers fine from both sides.

 However I think the openssl and Java TLS implementations don't think ECDHE-ECDSA-AES256-GCM-SHA384 == TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384.

I haven't done allot of research into the ciphers so maybe theirs a chance that they are different? Or maybe theirs a typo in comparing them?

Here's the logs /config - 

Server :

permitted-cipher-suites = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384

18/07/2019 11:10:14 Available cipher suites: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384

18/07/2019 11:10:14 Deferring TLS handshake

18/07/2019 11:10:14 SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher (336109761)

18/07/2019 11:10:14 Client 127.0.0.1 gone

Client

   JAVA_TOOL_OPTIONS='-Dturbovnc.ciphersuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384'

SecurityTLS: Not using X.509 CRL

CSecurityTLS: Available cipher suites: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

com.turbovnc.rdr.SystemException: javax.net.ssl.SSLException: Received fatal alert: handshake_failure

Thanks again for the help

To unsubscribe from this group and stop receiving emails from it, send an email to turbovn...@googlegroups.com.

[DRC]

It works fine for me. Are you sure your certificate is ECDSA?

gencert.san.ec from
https://gist.github.com/dcommander/fc608434735026dd8215

shows how to generate one (at least, as far as I determine. I'm not an
expert on this stuff.) The error you're still getting would occur if,
for instance, your certificate is RSA but you're trying to use it with
an ECDSA cipher.

On 7/18/19 10:23 AM, Andy wrote:
> Ah I gotcha - So I went and
> installed https://s3.amazonaws.com/turbovnc-pr/master/linux/turbovnc-2.2.3.x86_64.rpm
> and I can see the ciphers fine from both sides.
>  However I think the openssl and Java TLS implementations don't think
> ECDHE-ECDSA-AES256-GCM-SHA384 == TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384.
> I haven't done allot of research into the ciphers so maybe theirs a
> chance that they are different? Or maybe theirs a typo in comparing them?
>
> Here's the logs /config - 

> *Server :*

>> <http://ilbssl.so.0.9.8e.so> floating around. 

>> send an email to turbovn...@googlegroups.com <javascript:>.

>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/turbovnc-users/9cd4cde5-a186-4980-9d5e-e36bd538a643%40googlegroups.com

>> <https://groups.google.com/d/msgid/turbovnc-users/9cd4cde5-a186-4980-9d5e-e36bd538a643%40googlegroups.com?utm_medium=email&utm_source=footer>.

>> For more options, visit https://groups.google.com/d/optout

>> <https://groups.google.com/d/optout>.

>
> --
> You received this message because you are subscribed to the Google
> Groups "TurboVNC User Discussion/Support" group.
> To unsubscribe from this group and stop receiving emails from it, send

> an email to turbovnc-user...@googlegroups.com
> <mailto:turbovnc-user...@googlegroups.com>.

> To view this discussion on the web visit

> https://groups.google.com/d/msgid/turbovnc-users/adb0fbe2-8dbe-4c84-86e5-692a5c8429d4%40googlegroups.com
> <https://groups.google.com/d/msgid/turbovnc-users/adb0fbe2-8dbe-4c84-86e5-692a5c8429d4%40googlegroups.com?utm_medium=email&utm_source=footer>.

[Andy]

Oh woops I'm silly. That was it. Generated some EC certs with openssl and now it works! 


Thanks so much !

> an email to turbovn...@googlegroups.com
> <mailto:turbovnc-users+unsub...@googlegroups.com>.

[DRC]

EC ciphers should now work in the 3.0 alpha build as well, once Travis finishes spinning it.  As suspected, the custom embedded JRE was missing the necessary modules to implement those ciphers.

DRC

To unsubscribe from this group and stop receiving emails from it, send an email to turbovnc-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/turbovnc-users/f9f427de-36e8-46c1-bb15-fdb8bcc0c048%40googlegroups.com.

[Andy]

Awesome thanks! I have another question (or maybe feature request) about the viewer that I'll post on another thread

To unsubscribe from this group and stop receiving emails from it, send an email to turbovn...@googlegroups.com.