I did some digging, and unfortunately there is no way to enable/disable OpenSSL ciphers on a system-wide or per-user basis. They have to be configured on a per-application basis. I will investigate adding a new TurboVNC security configuration file property for this, as it seems like something that would be generally useful.
On 7/12/19 10:03 AM, Andy wrote: > Hey so I have some strict requirements on what encryption ciphers we are > allowed to use. > > Basically I need it to use > either TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 > or TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384. > > From the viewer side I'm able to restrict the ciphers available to it by > modifying the java argument inside of the vncviewer script: > and adding on the options > -Djava.security.properties=/opt/test/java.security.restictive > -Djavax.net.debug=ssl > > Now I get an SSL Handshake error when I try to connect - I think its > because Xvnc doesn't support the 2 ciphers that I'm trying to use. > > How would I go about enabling the two ciphers from the server (Xvnc) > side? I'd prefer to not have to recompile, but I'm not afraid to. > > > Thanks! -- You received this message because you are subscribed to the Google Groups "TurboVNC User Discussion/Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/turbovnc-users/ba08d9af-d2c2-fe71-c1cc-8262f467fca1%40virtualgl.org. For more options, visit https://groups.google.com/d/optout.
