Hello
I work in a mixed Linux/Windows environment where we are required to have
FIPS and NLA enabled and this doesn't seem to work for freerdp. We can't
connect to windows 10 systems with NLA enabled from our redhat linux systems
with fips enabled.
I went digging through the source to see what is going on and found the
following in "libfreerdp/core/connection.c"...
/* FIPS Mode forces the following and overrides the following(by
happening later */
/* in the command line processing): */
/* 1. Disables NLA Security since NLA in freerdp uses NTLM(no Kerberos
support yet) which uses
* algorithms */
/* not allowed in FIPS for sensitive data. So, we disallow NLA
when FIPS is required. */
/* 2. Forces the only supported RDP encryption method to be FIPS. */
if (settings->FIPSMode || winpr_FIPSMode())
{
settings->NlaSecurity = FALSE;
settings->EncryptionMethods = ENCRYPTION_METHOD_FIPS;
}
This makes it sound like FIPS and NLA can't coexist right now. I can't seem to
find details on what the NLA extended protocols are to see if this is a
workaround for this issue.
Is there a way to use freerdp between systems requiring FIPS on linux and NLA
on windows 10?
If so, could you point me towards documentation for it?
Is there a bug/project entry for adding NLA kerberos support for freerdp that I
can follow?
Is there another RDP client that supports fips and NLA?
Thanks.
_______________________________________________
FreeRDP-devel mailing list
FreeRDP-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
