[jira] [Comment Edited] (GUACAMOLE-274) Guacamole SHA SPDY conflict

Fri, 21 Apr 2017 13:45:24 -0700 

    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15979345#comment-15979345
 ] 

Matt Prager edited comment on GUACAMOLE-274 at 4/21/17 8:44 PM:
----------------------------------------------------------------

The Hash type. If you look over here - 
https://www.petri.com/cipher-best-practice-configure-iis-ssl-tls-protocol - and 
scroll down to the picture in the middle, you'll see an image of SSL Labs Best 
Practices for IIS. Under Hashes Enabled, you'll see all 5 hash types clicked. 
However, SPDY throws an error unless MD5 and SHA are unselected and, as I 
mentioned before, Guacamole won't connect over RDP unless SHA is selected, 
meaning SPDY and Guacamole are in conflict and I'm forced to either having 
Guacamole work by enabling SHA but getting a million SPDY errors on the web or 
having the web work fine but Guacamole unable to connect to my computer over 
RDP.


was (Author: mobamoba):
The Hash type. If you look over here and scroll down to the picture in the 
middle, you'll see an image of SSL Labs Best Practices for IIS. Under Hashes 
Enabled, you'll see all 5 hash types clicked. However, SPDY throws an error 
unless MD5 and SHA are unselected and, as I mentioned before, Guacamole won't 
connect over RDP unless SHA is selected, meaning SPDY and Guacamole are in 
conflict and I'm forced to either having Guacamole work by enabling SHA but 
getting a million SPDY errors on the web or having the web work fine but 
Guacamole unable to connect to my computer over RDP.

> Guacamole SHA SPDY conflict
> ---------------------------
>
>                 Key: GUACAMOLE-274
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-274
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole
>    Affects Versions: 0.9.12-incubating
>         Environment: Ubuntu Xenial
>            Reporter: Matt Prager
>
> I use Guacamole to RDP into Windows Server 2016 and noticed the following 
> issue: with SHA disabled, Guacamole never logs in. With SHA enabled, 
> Guacamole logs in but browsers that use SPDY throw insecure protocol errors.
> The is easily reproducible using IISCrypto as enabling SHA immediately allows 
> Guacamole logon and disabling it then rebooting prevents it.
> My RDP security type is set to "any" if that matters.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to