*** This bug is a duplicate of bug 1281250 ***
    https://bugs.launchpad.net/bugs/1281250

Thank you for taking the time to report this bug and helping to make
Ubuntu better. The issue you are reporting is an upstream one and it
would be nice if somebody having it could send the bug to the developers
of the software by following the instructions at
https://wiki.ubuntu.com/Bugs/Upstream/GNOME. If you have done so, please
tell us the number of the upstream bug (or the link), so we can add a
bugwatch that will inform us about its status. Thanks in advance.

** Changed in: vino (Ubuntu)
   Importance: Undecided => Low

** This bug has been marked a duplicate of bug 1281250
   VNC accessible from non-linux machines only with encryption disabled

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to vino in Ubuntu.
https://bugs.launchpad.net/bugs/1615251

Title:
  By default, Vino requires insecure anonymous Diffie Hellman ciphers
  for encryption and is incompatible with Android 6+ devices

Status in vino package in Ubuntu:
  Confirmed

Bug description:
  Anonymous Diffie Hellman certificates do not provide identity
  verification (unlike x509 certificates). Therefore, while they provide
  link encryption, they do not guard against man-in-the-middle attacks.
  Google decided to drop support for these certificates in v6.0+ (API23):
  https://developer.android.com/reference/javax/net/ssl/SSLEngine.html

  This means that my application, bVNC, (open-source VNC client for
  Android,
  https://play.google.com/store/apps/details?id=com.iiordanov.freebVNC)
  no longer works unless Vino encryption requirement is disabled (e.g.
  with gsettings set org.gnome.Vino require-encryption false)!

  This forces me to recommend other VNC clients - x11vnc or TigerVNC -
  for users that need to encrypt their VNC connections on Android 6+.
  For more background, see:

  https://groups.google.com/forum/#!topic/bvnc-ardp-aspice-opaque-android-bb10-clients/lINJkYJbN-U

  Both x11vnc and TigerVNC support VeNCrypt (with x509 certificates that
  support identity verification), and in my opinion, it is time for
  Vino, as the standard remote desktop solution for Ubuntu, to also
  consider supporting a modern encryption technique.

  In addition to x509 certificates, VeNCrypt also supports
  authenticating with a user name and an arbitrary length password,
  which means that if Vino so chooses, it can also utilize PAM and allow
  users to connect to their desktop machine with their actual Ubuntu
  credentials.

  Furthermore, if we want to get really fancy, this means that we could
  launch vino at start-up and even allow people to connect to their
  machine when nobody is logged in like Mac OS X permits with its VNC
  server.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: vino 3.8.1-0ubuntu9
  ProcVersionSignature: Ubuntu 4.4.0-31.50-generic 4.4.13
  Uname: Linux 4.4.0-31-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.1
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Sat Aug 20 12:26:23 2016
  InstallationDate: Installed on 2014-02-28 (903 days ago)
  InstallationMedia: Ubuntu 12.04.4 LTS "Precise Pangolin" - Release amd64 (20140204)
  SourcePackage: vino
  UpgradeStatus: Upgraded to xenial on 2016-07-30 (21 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vino/+bug/1615251/+subscriptions
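
The following Python example is added here and is not part of the bug report or of Vino's code: it parses the server side of an RFB 3.7/3.8 handshake and reports whether the server offers VeNCrypt or only plain TLS. It assumes Vino's anonymous-DH encryption appears on the wire as RFB security type 18 (TLS); the sample byte strings are constructed.

```python
import struct

# RFB security-type numbers relevant to this report.
# Assumption: Vino's anonymous-DH mode is advertised as type 18 (TLS).
SECURITY_TYPES = {1: "None", 2: "VNC Authentication", 18: "TLS", 19: "VeNCrypt"}

# Constructed samples: ProtocolVersion line followed by the security-type list.
SAMPLE_TLS_ONLY = b"RFB 003.007\n" + bytes([1, 18])
SAMPLE_VENCRYPT = b"RFB 003.008\n" + bytes([2, 19, 2])

def parse_server_greeting(stream: bytes):
    """Return (version, [security types]) from the bytes a server sends first."""
    if len(stream) < 13 or not stream.startswith(b"RFB ") or stream[11:12] != b"\n":
        raise ValueError("not an RFB server greeting")
    version = stream[4:11].decode("ascii")            # e.g. "003.008"
    major, minor = (int(part) for part in version.split("."))
    if (major, minor) < (3, 7):
        raise ValueError("RFB < 3.7 sends one 32-bit type, not a list")
    count = stream[12]
    if count == 0:                                    # refusal: u32 length + reason
        if len(stream) < 17:
            raise ValueError("truncated refusal message")
        (length,) = struct.unpack(">I", stream[13:17])
        reason = stream[17:17 + length].decode("utf-8", "replace")
        raise ValueError(f"server refused connection: {reason}")
    types = list(stream[13:13 + count])
    if len(types) != count:
        raise ValueError("truncated security-type list")
    return version, types

def assess(types):
    """Classify the offered types in the terms used by the bug report."""
    if 19 in types:
        return "vencrypt-offered"       # x509 subtypes possible; check the subtype too
    if 18 in types:
        return "tls-without-vencrypt"   # encryption without identity verification
    return "no-transport-encryption"

def describe(stream: bytes) -> str:
    version, types = parse_server_greeting(stream)
    names = ", ".join(SECURITY_TYPES.get(t, f"unknown({t})") for t in types)
    return f"RFB {version}: offers [{names}] -> {assess(types)}"

if __name__ == "__main__":
    for sample in (SAMPLE_TLS_ONLY, SAMPLE_VENCRYPT):
        print(describe(sample))
```
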
