Yeah, or you can use the pre-release builds, which are generated automatically by Travis and AppVeyor:
https://turbovnc.org/DeveloperInfo/PreReleases On 7/16/19 11:57 AM, Andy wrote: > Wow! Thanks for the quick fix! > > I take all I need to try it out is to pull and build the latest > turbovnc and it should work? > > Thanks again! > > On Saturday, July 13, 2019 at 1:37:31 AM UTC-4, DRC wrote: > > I went ahead and implemented a new security configuration file > directive (permitted-cipher-suites), as well as a new Java > TurboVNC Viewer system property. To achieve what you want, > assuming you're using OpenSSL 1.0.2 or later, you can add: > > permitted-cipher-suites = > ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384 > > to /etc/turbovncserver-security.conf. That will prevent any > ciphers other than the two you listed from being used on the > server end, regardless of which ciphers are supported on the > client end. It will also effectively disallow any of the TLS* > security types, irrespective of the permitted-security-types > directive (because anonymous TLS uses different ciphers.) > > As a belt-and-suspenders measure, you can also force the viewer to > use only those ciphers by setting > > > > JAVA_TOOL_OPTIONS='-Dturbovnc.ciphersuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384' > > in the environment on the client machine. > > The Xvnc log file, as well as the debug output from the viewer > (-loglevel 100) will reveal which ciphers are available and which > cipher was negotiated between server and client. > > DRC > > On 7/12/19 2:25 PM, Andy wrote: >> That would be awesome >> >> Thanks! >> >> On Friday, July 12, 2019 at 2:46:20 PM UTC-4, DRC wrote: >> >> I did some digging, and unfortunately there is no way to >> enable/disable >> OpenSSL ciphers on a system-wide or per-user basis. They >> have to be >> configured on a per-application basis. I will investigate >> adding a new >> TurboVNC security configuration file property for this, as it >> seems like >> something that would be generally useful. >> >> On 7/12/19 10:03 AM, Andy wrote: >> > Hey so I have some strict requirements on what encryption >> ciphers we are >> > allowed to use. >> > >> > Basically I need it to use >> > either TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 >> > or TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384. >> > >> > From the viewer side I'm able to restrict the ciphers >> available to it by >> > modifying the java argument inside of the vncviewer script: >> > and adding on the options >> > -Djava.security.properties=/opt/test/java.security.restictive >> > -Djavax.net.debug=ssl >> > >> > Now I get an SSL Handshake error when I try to connect - I >> think its >> > because Xvnc doesn't support the 2 ciphers that I'm trying >> to use. >> > >> > How would I go about enabling the two ciphers from the >> server (Xvnc) >> > side? I'd prefer to not have to recompile, but I'm not >> afraid to. >> > >> > >> > Thanks! >> >> -- >> You received this message because you are subscribed to the >> Google Groups "TurboVNC User Discussion/Support" group. >> To unsubscribe from this group and stop receiving emails from it, >> send an email to [email protected] <javascript:>. >> To view this discussion on the web visit >> >> https://groups.google.com/d/msgid/turbovnc-users/717ffd21-4778-4e1c-a6ef-b4fb50f2bf59%40googlegroups.com >> >> <https://groups.google.com/d/msgid/turbovnc-users/717ffd21-4778-4e1c-a6ef-b4fb50f2bf59%40googlegroups.com?utm_medium=email&utm_source=footer>. >> For more options, visit https://groups.google.com/d/optout >> <https://groups.google.com/d/optout>. > > -- > You received this message because you are subscribed to the Google > Groups "TurboVNC User Discussion/Support" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] > <mailto:[email protected]>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/turbovnc-users/c82c784a-0fef-4f60-b6a6-dc281532dbee%40googlegroups.com > <https://groups.google.com/d/msgid/turbovnc-users/c82c784a-0fef-4f60-b6a6-dc281532dbee%40googlegroups.com?utm_medium=email&utm_source=footer>. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "TurboVNC User Discussion/Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/turbovnc-users/3d48530d-f29f-9272-cadb-166d6ec995df%40virtualgl.org. For more options, visit https://groups.google.com/d/optout.
