Yeah, or you can use the pre-release builds, which are generated
automatically by Travis and AppVeyor:

https://turbovnc.org/DeveloperInfo/PreReleases



On 7/16/19 11:57 AM, Andy wrote:
> Wow! Thanks for the quick fix! 
>
> I take all I need to try it out is to pull and build the latest
> turbovnc and it should work?
>
> Thanks again!
>
> On Saturday, July 13, 2019 at 1:37:31 AM UTC-4, DRC wrote:
>
>     I went ahead and implemented a new security configuration file
>     directive (permitted-cipher-suites), as well as a new Java
>     TurboVNC Viewer system property.  To achieve what you want,
>     assuming you're using OpenSSL 1.0.2 or later, you can add:
>
>         permitted-cipher-suites =
>     ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384
>
>     to /etc/turbovncserver-security.conf.  That will prevent any
>     ciphers other than the two you listed from being used on the
>     server end, regardless of which ciphers are supported on the
>     client end.  It will also effectively disallow any of the TLS*
>     security types, irrespective of the permitted-security-types
>     directive (because anonymous TLS uses different ciphers.)
>
>     As a belt-and-suspenders measure, you can also force the viewer to
>     use only those ciphers by setting
>
>        
>     
> JAVA_TOOL_OPTIONS='-Dturbovnc.ciphersuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384'
>
>     in the environment on the client machine.
>
>     The Xvnc log file, as well as the debug output from the viewer
>     (-loglevel 100) will reveal which ciphers are available and which
>     cipher was negotiated between server and client.
>
>     DRC
>
>     On 7/12/19 2:25 PM, Andy wrote:
>>     That would be awesome
>>
>>     Thanks!
>>
>>     On Friday, July 12, 2019 at 2:46:20 PM UTC-4, DRC wrote:
>>
>>         I did some digging, and unfortunately there is no way to
>>         enable/disable
>>         OpenSSL ciphers on a system-wide or per-user basis.  They
>>         have to be
>>         configured on a per-application basis.  I will investigate
>>         adding a new
>>         TurboVNC security configuration file property for this, as it
>>         seems like
>>         something that would be generally useful.
>>
>>         On 7/12/19 10:03 AM, Andy wrote:
>>         > Hey so I have some strict requirements on what encryption
>>         ciphers we are
>>         > allowed to use.
>>         >
>>         > Basically I need it to use
>>         > either TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>>         > or TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384. 
>>         >
>>         > From the viewer side I'm able to restrict the ciphers
>>         available to it by
>>         > modifying the java argument inside of the vncviewer script:
>>         >  and adding on the options
>>         > -Djava.security.properties=/opt/test/java.security.restictive
>>         > -Djavax.net.debug=ssl
>>         >
>>         > Now I get an SSL Handshake error when I try to connect - I
>>         think its
>>         > because Xvnc doesn't support the 2 ciphers that I'm trying
>>         to use. 
>>         >
>>         > How would I go about enabling the two ciphers from the
>>         server (Xvnc)
>>         > side? I'd prefer to not have to recompile, but I'm not
>>         afraid to.
>>         >
>>         >
>>         > Thanks!
>>
>>     -- 
>>     You received this message because you are subscribed to the
>>     Google Groups "TurboVNC User Discussion/Support" group.
>>     To unsubscribe from this group and stop receiving emails from it,
>>     send an email to [email protected] <javascript:>.
>>     To view this discussion on the web visit
>>     
>> https://groups.google.com/d/msgid/turbovnc-users/717ffd21-4778-4e1c-a6ef-b4fb50f2bf59%40googlegroups.com
>>     
>> <https://groups.google.com/d/msgid/turbovnc-users/717ffd21-4778-4e1c-a6ef-b4fb50f2bf59%40googlegroups.com?utm_medium=email&utm_source=footer>.
>>     For more options, visit https://groups.google.com/d/optout
>>     <https://groups.google.com/d/optout>.
>
> -- 
> You received this message because you are subscribed to the Google
> Groups "TurboVNC User Discussion/Support" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to [email protected]
> <mailto:[email protected]>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/turbovnc-users/c82c784a-0fef-4f60-b6a6-dc281532dbee%40googlegroups.com
> <https://groups.google.com/d/msgid/turbovnc-users/c82c784a-0fef-4f60-b6a6-dc281532dbee%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"TurboVNC User Discussion/Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/turbovnc-users/3d48530d-f29f-9272-cadb-166d6ec995df%40virtualgl.org.
For more options, visit https://groups.google.com/d/optout.

Reply via email to