*** This bug is a duplicate of bug 1281250 ***
https://bugs.launchpad.net/bugs/1281250
Upstream bug at https://bugzilla.gnome.org/show_bug.cgi?id=728267
** Bug watch added: GNOME Bug Tracker #728267
https://bugzilla.gnome.org/show_bug.cgi?id=728267
** Also affects: vino via
https://bugzilla.gnome.org/show_bug.cgi?id=728267
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to vino in Ubuntu.
https://bugs.launchpad.net/bugs/1615251
Title:
By default, Vino requires insecure anonymous Diffie Hellman ciphers
for encryption and is incompatible with Android 6+ devices
Status in vino:
Unknown
Status in vino package in Ubuntu:
Confirmed
Bug description:
Anonymous Diffie Hellman certificates do not provide identity verification
(unlike x509 certificates). Therefore, while they provide link encryption, they
do not guard against man-in-the-middle attacks. Google decided to drop support
for these certificates in v6.0+ (API23):
https://developer.android.com/reference/javax/net/ssl/SSLEngine.html
This means that my application, bVNC, (open-source VNC client for
Android,
https://play.google.com/store/apps/details?id=com.iiordanov.freebVNC)
no longer works unless Vino encryption requirement is disabled (e.g.
with gsettings set org.gnome.Vino require-encryption false)!
This forces me to recommend other VNC clients - x11vnc or TigerVNC -
for users that need to encrypt their VNC connections on Android 6+.
For more background, see:
https://groups.google.com/forum/#!topic/bvnc-ardp-aspice-opaque-
android-bb10-clients/lINJkYJbN-U
Both x11vnc and TigerVNC support VeNCrypt (with x509 certificates that
support identity verification), and in my opinion, it is time for
Vino, as the standard remote desktop solution for Ubuntu, to also
consider supporting a modern encryption technique.
In addition to x509 certificates, VeNCrypt also supports
authenticating with a user name and an arbitrary length password,
which means that if Vino so chooses, it can also utilize PAM and allow
users to connect to their desktop machine with their actual Ubuntu
credentials
Furthermore, if we want to get really fancy, this means that we could
launch vino at start-up and even allow people to connect to their
machine when nobody is logged in like Mac OS X permits with its VNC
server.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: vino 3.8.1-0ubuntu9
ProcVersionSignature: Ubuntu 4.4.0-31.50-generic 4.4.13
Uname: Linux 4.4.0-31-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: XFCE
Date: Sat Aug 20 12:26:23 2016
InstallationDate: Installed on 2014-02-28 (903 days ago)
InstallationMedia: Ubuntu 12.04.4 LTS "Precise Pangolin" - Release amd64
(20140204)
SourcePackage: vino
UpgradeStatus: Upgraded to xenial on 2016-07-30 (21 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/vino/+bug/1615251/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
