*** This bug is a duplicate of bug 1281250 *** https://bugs.launchpad.net/bugs/1281250
Upstream bug at https://bugzilla.gnome.org/show_bug.cgi?id=728267 ** Bug watch added: GNOME Bug Tracker #728267 https://bugzilla.gnome.org/show_bug.cgi?id=728267 ** Also affects: vino via https://bugzilla.gnome.org/show_bug.cgi?id=728267 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to vino in Ubuntu. https://bugs.launchpad.net/bugs/1615251 Title: By default, Vino requires insecure anonymous Diffie Hellman ciphers for encryption and is incompatible with Android 6+ devices Status in vino: Unknown Status in vino package in Ubuntu: Confirmed Bug description: Anonymous Diffie Hellman certificates do not provide identity verification (unlike x509 certificates). Therefore, while they provide link encryption, they do not guard against man-in-the-middle attacks. Google decided to drop support for these certificates in v6.0+ (API23): https://developer.android.com/reference/javax/net/ssl/SSLEngine.html This means that my application, bVNC, (open-source VNC client for Android, https://play.google.com/store/apps/details?id=com.iiordanov.freebVNC) no longer works unless Vino encryption requirement is disabled (e.g. with gsettings set org.gnome.Vino require-encryption false)! This forces me to recommend other VNC clients - x11vnc or TigerVNC - for users that need to encrypt their VNC connections on Android 6+. For more background, see: https://groups.google.com/forum/#!topic/bvnc-ardp-aspice-opaque- android-bb10-clients/lINJkYJbN-U Both x11vnc and TigerVNC support VeNCrypt (with x509 certificates that support identity verification), and in my opinion, it is time for Vino, as the standard remote desktop solution for Ubuntu, to also consider supporting a modern encryption technique. In addition to x509 certificates, VeNCrypt also supports authenticating with a user name and an arbitrary length password, which means that if Vino so chooses, it can also utilize PAM and allow users to connect to their desktop machine with their actual Ubuntu credentials Furthermore, if we want to get really fancy, this means that we could launch vino at start-up and even allow people to connect to their machine when nobody is logged in like Mac OS X permits with its VNC server. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: vino 3.8.1-0ubuntu9 ProcVersionSignature: Ubuntu 4.4.0-31.50-generic 4.4.13 Uname: Linux 4.4.0-31-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 CurrentDesktop: XFCE Date: Sat Aug 20 12:26:23 2016 InstallationDate: Installed on 2014-02-28 (903 days ago) InstallationMedia: Ubuntu 12.04.4 LTS "Precise Pangolin" - Release amd64 (20140204) SourcePackage: vino UpgradeStatus: Upgraded to xenial on 2016-07-30 (21 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/vino/+bug/1615251/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp