On Tue, Dec 12, 2023 at 9:40 AM Christopher Speck <die.drac...@gmail.com>
wrote:

> Could you add further information on what security requirements are
> prompting this? I don't follow how encrypting the tunnel further would add
> additional security over turning on TLS. It would probably be better to
> ensure appropriate network security via routing, firewalls, and vpn.
>

I agree with this - I'm not sure why AES-encrypting keystrokes would
provide any value outside of the TLS encryption that is already present if
you configure HTTPS and WSS.


>
> Terminating the AES of the guacamole protocol would have to be done in
> guacamole-server, where it then converts to RDP/VNC which wouldn't be able
> to be further encrypted with AES (but you can configure these connections
> to also use TLS). Adding AES here would only prevent the guacamole-client
> web server from being able to inspect the traffic. The guacamole-client web
> server has to inspect the traffic to some degree as there are some
> instructions managed on the web server and not passed on to the
> guacamole-server. Encrypting at the JS client and decrypting in
> guacamole-server would not be beneficial over using HTTPS from browser to
> guacamole-client web server and TLS between guacamole-client and
> guacamole-server.
>

A couple of things worth noting, here:
* I cannot think of any place within the Guacamole Client code that runs in
Tomcat that you would need to be able to "see" the Guacamole protocol
traffic, specifically the keystrokes. Basically, Tomcat just facilitates
the tunnel between guacd and the web browser, providing access control and
managing access to connections. But it doesn't really evaluate anything
related to the protocol traffic itself.
* It is possible to encrypt the Guacamole protocol traffic between the
Tomcat instance where the server-side Guacamole Client code runs and the
guacd instance. You can configure the guacd SSL settings and make sure
Tomcat has the correct trust set up, and that traffic will be encrypted.
This is valuable in the case where you have some potentially-untrusted
network distance between Tomcat and guacd. This, combined with HTTPS/WSS,
gives you end-to-end encryption from the Guacamole perspective - Browser
<-- (HTTPS/WSS) --> Tomcat <-- (TLS) --> guacd. From guacd on to the remote
server you'd need to configure encryption on the connection itself - SSH of
course already has it, RDP defaults to it, and VNC would require support
for TLS.

-Nick
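As an added illustration (not part of this thread, and not Guacamole project documentation), the two configuration fragments that enable the Tomcat <-- (TLS) --> guacd leg Nick describes; the file paths and the guacd hostname are assumptions:

```ini
# /etc/guacamole/guacd.conf  (guacd side; paths below are assumed for this example)
[server]
bind_host = 0.0.0.0
bind_port = 4822

[ssl]
# Certificate and private key guacd presents to guacamole-client.
# Once an [ssl] section is present, guacd expects TLS from every client,
# so a plaintext guacamole-client will no longer be able to connect.
server_certificate = /etc/guacamole/guacd.crt
server_key = /etc/guacamole/guacd.key

# /etc/guacamole/guacamole.properties  (Tomcat / guacamole-client side)
# Hostname is an assumption for this example; it must match the certificate
# subject or SAN so that hostname verification succeeds.
guacd-hostname: guacd.internal.example
guacd-port: 4822
# Without guacd-ssl the web application speaks plaintext to guacd, and the
# connection fails as soon as guacd is configured for TLS.
guacd-ssl: true
```

The guacd certificate (or the CA that issued it) also has to be trusted by the JVM running Tomcat, for example by importing it into that JVM's cacerts truststore with `keytool -importcert`; otherwise the handshake fails on the Tomcat side.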
