Hi John,

On Tue, Jul 07, 2020 at 03:01:18PM -0400, John Mezger via FreeRDP-devel wrote:
> I am a new user of FreeRDP.
Welcome \o/.

> I need some guidance/examples on security configuration. I need to start 
> FreeRDP and enforce the use of TLS >=1.2 . I was looking at the command line 
> options in the wiki 
> <https://github.com/FreeRDP/FreeRDP/wiki/CommandLineInterface> and it looked 
> like this may be possible with the existing options. Could anyone provide an 
> example of how to accomplish this?
To generally enforce TLS you need to use the option '/sec:tls'.
The other command line options related to TLS are /tls-ciphers and
/tls-seclevel.

The first one allows you to specify the ciphers you want to use.

The latter one, /tls-seclevel, is only available if OpenSSL >= 1.1.0 is used
and allows you to specify the OpenSSL security level
(https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html).
If you use level 4 here (level 1 is default) TLS below 1.2 is not
permitted.

Hope that helps.
Best regards,
Bernhard
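
Added example, not part of the reply above and not FreeRDP's own code: a small shell helper that assembles the options named in the reply into an xfreerdp command line and rejects an out-of-range security level. The function names, the host `rdp.example.test` and the cipher string are constructed for illustration; `/v:` is xfreerdp's server option.

```sh
#!/bin/sh
# Build the TLS-related xfreerdp options discussed in the reply.
# Helper names are hypothetical; sample values are constructed.

# freerdp_tls_args LEVEL [CIPHERS]
# Prints "/sec:tls /tls-seclevel:LEVEL [/tls-ciphers:CIPHERS]".
# Fails when LEVEL is outside OpenSSL's documented range 0-5.
freerdp_tls_args() {
    level=$1
    ciphers=${2:-}
    case $level in
        [0-5]) ;;
        *) echo "security level must be 0-5, got '$level'" >&2
           return 1 ;;
    esac
    args="/sec:tls /tls-seclevel:$level"
    if [ -n "$ciphers" ]; then
        # Optional OpenSSL cipher string, passed through unchanged.
        args="$args /tls-ciphers:$ciphers"
    fi
    printf '%s\n' "$args"
}

# enforces_tls12 LEVEL
# Succeeds when the level refuses TLS below 1.2 (level 4, and level 5,
# which includes every level 4 restriction).
enforces_tls12() {
    [ "$1" -ge 4 ] 2>/dev/null
}

# Print (do not run) the resulting command for a constructed target.
level=4
if enforces_tls12 "$level"; then
    echo "xfreerdp /v:rdp.example.test $(freerdp_tls_args "$level")"
else
    echo "level $level still permits TLS below 1.2" >&2
fi
```

Per the OpenSSL page linked in the reply, level 4 also prohibits RSA, DSA and DH keys shorter than 7680 bits and ECC keys shorter than 384 bits, so a handshake at this level can fail on the server's key size rather than on the protocol version.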
