On 2025-11-07, [email protected] <[email protected]> wrote:
> Dear list,
>
>
> I have a problem connecting my OpenBSD 7.8 computer to Windows 11 via
> the remote-desktop connection, using freerdp-2.11.7. If, on Windows,
> the option "Require devices to use Network-level Authentication to connect"
> is selected, I fail to connect:
>
> ; xfreerdp /u:USER /p:PASSWORD /v:IP
> [17:45:57:115] [52128:15346440] [WARN][com.freerdp.crypto] - Certificate verification failure 'unable to get local issuer certificate (20)' at stack position 0
> [17:45:57:116] [52128:15346440] [WARN][com.freerdp.crypto] - CN = DESKTOP-BLABLA
> [17:45:57:120] [52128:15346440] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:1404C438:SSL routines:ST_OK:tlsv1 alert internal error
> [17:45:57:120] [52128:15346440] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
> [17:45:57:258] [52128:15346440] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:1404C438:SSL routines:ST_OK:tlsv1 alert internal error
> [17:45:57:258] [52128:15346440] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
> [17:45:57:258] [52128:15346440] [ERROR][com.freerdp.core] - freerdp_post_connect failed
>
> If I deselect that option and add a switch about /sec:tls like
>
> ; xfreerdp /u:USER /p:PASSWORD /sec:tls /v:IP
>
> I succeed.
>
> I do not know how dangerous it is to proceed with no NLA, probably it
> is better to have it active (??). So I want to ask if somebody knows what
> can be wrong or what can be done to mitigate the issue.
>
> Thank you for your comments.
>
>
> Best regards,
> Ruda
>
>


Apparently building freerdp against openssl may help.
https://marc.info/?l=openbsd-misc&m=172244062927222&w=2

We probably can't do that in ports (there will be problems if the
library is used by programs linked against libressl).


-- 
Please keep replies on the mailing list.
