[jira] [Commented] (GUACAMOLE-274) Guacamole SHA SPDY conflict

Fri, 21 Apr 2017 13:55:56 -0700 

    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15979357#comment-15979357
 ] 

Michael Jumper commented on GUACAMOLE-274:
------------------------------------------

Configuration of SSL/TLS for the proxy sitting in front of Guacamole (IIS in 
your case) has no bearing on the behavior of RDP. If you're seeing RDP login 
failures, that cannot be related to the problem you describe with IIS, SHA, and 
SPDY.

As far as RDP within Guacamole is concerned, login credentials are supplied via 
the connection parameters, which are independent of the network stack outside 
the web application. The only way that networking changes could affect the way 
credentials are passed to RDP is if you have an extension in place which is 
expecting to grab those credentials from the request and IIS is somehow failing 
to pass those credentials when configured this way.

If SPDY is failing when SHA is disabled for IIS, I'd look deeper into 
configuring IIS with respect to SPDY, but that is definitely independent of 
Guacamole as well. As long things are working as expected when you connect 
directly to Guacamole (without IIS), then the cause of what you're seeing has 
to be the way you've configured IIS.


> Guacamole SHA SPDY conflict
> ---------------------------
>
>                 Key: GUACAMOLE-274
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-274
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole
>    Affects Versions: 0.9.12-incubating
>         Environment: Ubuntu Xenial
>            Reporter: Matt Prager
>
> I use Guacamole to RDP into Windows Server 2016 and noticed the following 
> issue: with SHA disabled, Guacamole never logs in. With SHA enabled, 
> Guacamole logs in but browsers that use SPDY throw insecure protocol errors.
> The is easily reproducible using IISCrypto as enabling SHA immediately allows 
> Guacamole logon and disabling it then rebooting prevents it.
> My RDP security type is set to "any" if that matters.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to