Hello, I am struggling to make Guacamole use TLS with VNC. Anonymous TLS works, but my requirement is not to use anonymous TLS. If I configure a certificate on the server side of the VNC connection (I'm using x11vnc as the server), Guacamole is unable to establish communication to the server. I am running Guacamole version 1.6.0.
guacd displays the following in debug mode (reducing the log to relevant entries): Received security type 10 (0/1 in the list) Selected Security Scheme 10 Got VeNCrypt version 0.2. from server. We have 1 security types to read. 0) Received security type 260 Selecting security type 260 GnuTLS version 3.8.10 initialized. guacd[4139]: ERROR: Unsupported credential type requested. guacd[4139]: DEBUG: Unable to provide requested type of credential: 1. As far as I can see, the error messages are produced by guac_vnc_get_credentials() function in the guacd source code. The function only expects rfbCredentialTypeUser (2, defined in libvncserver). All other types are rejected, including the numeric value 1 reported in the log. This value 1 corresponds to rfbCredentialTypeX509 in libvncserver. Note that I am able to establish a connection to my VNC server using the TigerVNC client. Does Guacamole currently support VNC server-side certificates at all? And if it does, how should I configure Guacamole so that it successfully negotiates encryption parameters and proceeds to establish the TLS connection? If a reverse TLS connection could be used from the server to guacd, I would also be interested to learn about that any relevant configuration options. Thank you, Oleg
