can't connect to gnome-remote-desktop vnc with tls-anon

27 views
Skip to first unread message

John Paul Morrison

unread,
Nov 3, 2021, 10:22:36 PM11/3/21
to TigerVNC User Discussion/Support
I'm trying to connect to gnome-remote-desktop 40.1-1.fc34

TigerVNC works great without encryption - best I've found so far.  But I can't connect with tls-anon

First off:
- gnome thinks it's tls-anon 
gsettings  get    org.gnome.desktop.remote-desktop.vnc encryption
['none', 'tls-anon']

- gnome has code for ANON-DH 
grd-vnc-tls.c:  const char kx_priority[] = "NORMAL:+ANON-DH";

- Tiger should support ANON-DH as well 
CSecurityTLS.cxx:  static const char kx_anon_priority[] = ":+ANON-ECDH:+ANON-DH";
SSecurityTLS.cxx:  static const char kx_anon_priority[] = ":+ANON-ECDH:+ANON-DH";

- I don't see ANON-DH  (xtigervncviewer_1.11.0-1ubuntu1_amd64.deb)
strings /usr/bin/xtigervncviewer | grep ANON
:+ANON-ECDH:+ANOask for username and password

- Gnome is offering type 18  - is that correct for TLS anon?

 CConnection: reading protocol version
 CConnection: Server supports RFB protocol version 3.8
 CConnection: Using RFB protocol version 3.8
 CConnection: processing security types message
 CConnection: Server offers security type VncAuth(2)
 CConnection: Server offers security type [unknown secType](18)
 CConnection: No matching security types
 CConn:       No matching security types




 Config:      set SecurityTypes(String) to TLSNone,TLSVnc,TLSPlain
 CConnection: reading protocol version
 CConnection: Server supports RFB protocol version 3.8
 CConnection: Using RFB protocol version 3.8
 CConnection: processing security types message
 CConnection: Server offers security type VncAuth(2)
 CConnection: Server offers security type [unknown secType](18)
 CConnection: No matching security types
 CConn:       No matching security types

Pierre Ossman

unread,
Nov 4, 2021, 8:48:51 AM11/4/21
to John Paul Morrison, TigerVNC User Discussion/Support
On 04/11/2021 03:22, John Paul Morrison wrote:
> I'm trying to connect to gnome-remote-desktop 40.1-1.fc34
>
> TigerVNC works great without encryption - best I've found so far. But I
> can't connect with tls-anon
>

I'm afraid GNOME's VNC server uses a different type of encryption than
the one we have support for. This issue is tracked here:

https://github.com/TigerVNC/tigervnc/issues/307

Regards
--
Pierre Ossman Software Development
Cendio AB https://cendio.com
Teknikringen 8 https://twitter.com/ThinLinc
583 30 Linköping https://facebook.com/ThinLinc
Phone: +46-13-214600

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

John Paul Morrison

unread,
Nov 4, 2021, 6:49:31 PM11/4/21
to Pierre Ossman, TigerVNC User Discussion/Support
Thanks for clarifying. I thought it was odd I couldn't connect - surprised Fedora is shipping this with tls-none as the default.

I managed to get TurboVNC java working.  If anyone needs a Windows exe the virt-viewer MSys will connect. The msi from Red Hat doesn't work though.

DRC

unread,
Nov 4, 2021, 7:47:07 PM11/4/21
to tigervn...@googlegroups.com

The modification to the TigerVNC Viewer would be straightforward, but unfortunately I couldn't do it for just a $20 bounty.  :(

The 3.0 pre-release builds of our viewer don't require Java, for those who may not want to install it:
https://turbovnc.org/DeveloperInfo/PreReleases

DRC

--
You received this message because you are subscribed to the Google Groups "TigerVNC User Discussion/Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tigervnc-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tigervnc-users/CAO-kYtEiG%3D6D%2BHDDamCTS3GF-mQ1odiSQpeR7PPMy6nU09NCww%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages