It's working for me with:
server ------- push @$cmd, '-spice',"tls-port=60100,disable-ticketing,$x509,tls-ciphers=DES-CBC3-SHA"; client ------ #remote-viewer testtls.conf cp pve-root-ca.pem /home/spirit/.spicec/spice_truststore.pem test.conf file: [virt-viewer] type=spice host=kvmtest1.odiso.net tls-ciphers=DES-CBC3-SHA tls-port=60100 about ca.pem, it should be possible to add it in configuration file https://git.fedorahosted.org/cgit/virt-viewer.git/tree/src/virt-viewer-file.c * - ca: string PEM data (use \n to seperate the lines) ----- Mail original ----- De: "Alexandre DERUMIER" <aderum...@odiso.com> À: "Dietmar Maurer" <diet...@proxmox.com> Cc: pve-devel@pve.proxmox.com Envoyé: Mardi 16 Juillet 2013 13:23:06 Objet: Re: [pve-devel] spice tls on usix socket Hi, Dietmar, sorry I was busy this morning. To get it work, I need to force cipher on server. this works for me: push @$cmd, '-spice',"port=xxx,tls-port=xxx,disable-ticketing,$x509,tls-ciphers=DES-CBC3-SHA"; (I think that port= is optionnal, should work with tls-port only) you can also try to force all channels with tls ",tls-channel=main,tls-channel=display,tls-channel=inputs,tls-channel=cursor,tls-channel=playback,tls-channel=record,tls-channel=usbredir" I'll redo test today to send you a full working patch. ----- Mail original ----- De: "Dietmar Maurer" <diet...@proxmox.com> À: "Alexandre DERUMIER (aderum...@odiso.com)" <aderum...@odiso.com> Cc: pve-devel@pve.proxmox.com Envoyé: Mardi 16 Juillet 2013 10:05:18 Objet: RE: spice tls on usix socket And if I try to connect to the other port # remote-viewer spice://localhost:3001 then kvm print this error: 139895458642144:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:348: > -----Original Message----- > From: pve-devel-boun...@pve.proxmox.com [mailto:pve-devel- > boun...@pve.proxmox.com] On Behalf Of Dietmar Maurer > Sent: Dienstag, 16. Juli 2013 09:47 > To: Alexandre DERUMIER (aderum...@odiso.com) > Cc: pve-devel@pve.proxmox.com > Subject: Re: [pve-devel] spice tls on usix socket > > > But maybe it is easier to use a local tcp socket? > > Just tried to use spice with tcp/tls, but I can't get that working. > > # kvm -vga qxl -spice port=3000,tls-port=3001,addr=127.0.0.1,disable- > ticketing,tls-channel=main > > but remote-viewer is unable to connect > > # remote-viewer spice://localhost:3000 > > ** (remote-viewer:100957): WARNING **: The connection is closed ... > > And the kvm binary print the following warning: > > Spice-Warning **: reds.c:2695:reds_handle_read_link_done: spice channels > 1 should be encrypted > > > Any idea whats wrong? > > _______________________________________________ > pve-devel mailing list > pve-devel@pve.proxmox.com > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel