On Thu, Feb 17, 2011 at 01:36:30PM -0600, DRC wrote: > If I set the types as you describe below, it doesn't work how I would > expect. The client will always use VncAuth if the server supports it, > regardless of the preferred order on the server. That's not what I > want. I want the client to take the first security type from the server > as its default. > > Leaving the security types as-is on the client (with X509Plain first and > VncAuth second to last) doesn't do what I expect either. In this case, > the client will always try to use an encrypted type, even if the server > prefers VncAuth over TLS. > > In other words, it seems like the client's security type order is being > honored, not the server's. IMHO, the security types on the client > should mean "this is what I support", whereas the server security types > should determine the actual preference order.
This decision has been commited by Adam in rev 4093 and 4094. He has ripped out the support switching between Client and Server security type order and set the default to client. (http://www.mail-archive.com/tigervnc-devel@lists.sourceforge.net/msg00721.html) I'm in favour of this change, as as enforment of server settings is a placebo in the open source world. The decision to client side order was taken by dropping in common/rfb/CConnection.cxx: if (secType == secTypeInvalid || clientSecTypeOrder) { Revisiting this decison would also need to change order of the two loops in common/rfb/CSecurityVeNCrypt.cxx: for (j = preferredList.begin(); j != preferredList.end(); j++) { for (i = 0; i < nAvailableTypes; i++) { Regards, Martin Kögler ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
