Awesome, thanks! I have another question (or maybe feature request) about the viewer that I'll post on another thread.

On Friday, July 19, 2019 at 10:06:16 PM UTC-4, DRC wrote:
>
> EC ciphers should now work in the 3.0 alpha build as well, once Travis
> finishes spinning it. As suspected, the custom embedded JRE was missing
> the necessary modules to implement those ciphers.
>
> DRC
>
> On 7/18/19 1:41 PM, Andy wrote:
>
> Oh whoops I'm silly. That was it. Generated some EC certs with openssl and
> now it works!
>
> Thanks so much!
>
> On Thursday, July 18, 2019 at 12:44:14 PM UTC-4, DRC wrote:
>>
>> It works fine for me. Are you sure your certificate is ECDSA?
>>
>> gencert.san.ec from
>> https://gist.github.com/dcommander/fc608434735026dd8215
>>
>> shows how to generate one (at least, as far as I can determine. I'm not an
>> expert on this stuff.) The error you're still getting would occur if,
>> for instance, your certificate is RSA but you're trying to use it with
>> an ECDSA cipher.
>>
>> On 7/18/19 10:23 AM, Andy wrote:
>> > Ah I gotcha - So I went and installed
>> > https://s3.amazonaws.com/turbovnc-pr/master/linux/turbovnc-2.2.3.x86_64.rpm
>> > and I can see the ciphers fine from both sides.
>> > However I think the openssl and Java TLS implementations don't think
>> > ECDHE-ECDSA-AES256-GCM-SHA384 == TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384.
>> > I haven't done a lot of research into the ciphers so maybe there's a
>> > chance that they are different? Or maybe there's a typo in comparing them?
>> >
>> > Here's the logs /config -
>> > *Server :*
>> >
>> > permitted-cipher-suites = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384
>> >
>> > 18/07/2019 11:10:14 Available cipher suites: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384
>> > 18/07/2019 11:10:14 Deferring TLS handshake
>> > 18/07/2019 11:10:14 SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher (336109761)
>> > 18/07/2019 11:10:14 Client 127.0.0.1 gone
>> >
>> > Client
>> >
>> > JAVA_TOOL_OPTIONS='-Dturbovnc.ciphersuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384'
>> >
>> > SecurityTLS: Not using X.509 CRL
>> > CSecurityTLS: Available cipher suites: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>> > com.turbovnc.rdr.SystemException: javax.net.ssl.SSLException: Received fatal alert: handshake_failure
>> >
>> > Thanks again for the help
>> >
>> > On Wednesday, July 17, 2019 at 7:31:28 PM UTC-4, DRC wrote:
>> >
>> >     The latest commit in master reverses the TurboVNC Server's search
>> >     order for OpenSSL DSOs, so it should now pull the DSO from the
>> >     newest installed version of OpenSSL rather than the oldest. That
>> >     means you shouldn't need to move OpenSSL 0.9.8e out of the way anymore.
>> >
>> >     As far as why Java isn't picking up the newer algorithms, that
>> >     appears to be because you are using the 3.0 alpha build of the
>> >     TurboVNC Viewer. Please use the 2.2.x stable build. The embedded
>> >     JRE in 3.0 alpha isn't providing those ciphers for some reason, and
>> >     I need to look into why (it may simply be that I didn't include the
>> >     necessary module when building the JRE), but I just tested the 2.2.x
>> >     build (with OpenJDK 1.8.0), and it works fine.
>> >
>> >
>> > On 7/17/19 3:56 PM, Andy wrote:
>> >> Hey so you were right.
>> >>
>> >> Apparently I had a ilbssl.so.0.9.8e.so floating around.
>> >>
>> >> So I moved all of the stuff relating to that out of the directory
>> >> and now I get the ECDHE ciphers that I was looking for on the
>> >> server side.
>> >>
>> >> Do you know how I would go about adding them to JAVA and the
>> >> client side?
>> >> From the vncviewer script the only ciphers I have available are:
>> >>
>> >> CSecurityTLS: Available cipher suites: TLS_AES_128_GCM_SHA256,
>> >> TLS_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384,
>> >> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
>> >> TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
>> >> TLS_RSA_WITH_AES_128_GCM_SHA256,
>> >> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
>> >> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
>> >> TLS_RSA_WITH_AES_256_CBC_SHA256,
>> >> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
>> >> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
>> >> TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
>> >> TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,
>> >> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
>> >> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,
>> >> TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
>> >> TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
>> >> TLS_DH_anon_WITH_AES_256_GCM_SHA384,
>> >> TLS_DH_anon_WITH_AES_128_GCM_SHA256,
>> >> TLS_DH_anon_WITH_AES_256_CBC_SHA256,
>> >> TLS_DH_anon_WITH_AES_256_CBC_SHA,
>> >> TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_DH_anon_WITH_AES_128_CBC_SHA
>> >>
>> >> - It's missing the TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher
>> >> that I'm looking for
>> >>
>> >> Thanks again for the help!
>> >>
>> >> On Wednesday, July 17, 2019 at 5:20:47 AM UTC-4, Andy wrote:
>> >>
>> >>     Hey sorry, yeah let me do some digging when I get back to my
>> >>     dev box and I'll let you know. Thanks again for all the help!

--
You received this message because you are subscribed to the Google Groups "TurboVNC User Discussion/Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/turbovnc-users/2fe0ae23-072e-46a7-9e1b-ee23051c3481%40googlegroups.com.
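
The two checks this thread works through, as an added example that is not part of the original messages or of TurboVNC's code: whether an OpenSSL suite name and a Java (IANA) suite name denote the same TLS 1.2 suite, and whether the server certificate's key type can authenticate any suite both sides list. The helper names are hypothetical, the name translation covers only TLS 1.2 AES suites, and the certificate key types passed in are assumed inputs.

```python
import re

# OpenSSL -> IANA/Java names for TLS 1.2 AES suites only (the family used in
# this thread); other cipher families and TLS 1.3 names are out of scope.
_OPENSSL_AES = re.compile(
    r"^(?:(?P<kx>ECDHE|DHE)-(?P<auth>ECDSA|RSA|DSS)-)?"
    r"AES(?P<bits>128|256)(?P<gcm>-GCM)?-(?P<mac>SHA(?:256|384)?)$"
)

def openssl_to_iana(name):
    """Translate e.g. ECDHE-ECDSA-AES256-SHA384 to its IANA/Java name."""
    m = _OPENSSL_AES.match(name)
    if m is None:
        raise ValueError(f"unsupported OpenSSL suite name: {name!r}")
    # A bare "AES256-..." name means RSA key exchange and authentication.
    prefix = f"{m['kx']}_{m['auth']}" if m["kx"] else "RSA"
    mode = "GCM" if m["gcm"] else "CBC"  # OpenSSL leaves CBC implicit
    return f"TLS_{prefix}_WITH_AES_{m['bits']}_{mode}_{m['mac']}"

def cert_key_needed(iana_name):
    """Certificate key type a TLS 1.2 suite authenticates with (None = anon)."""
    kx_auth = iana_name[len("TLS_"):].split("_WITH_")[0]
    for suffix, key_type in (("ECDSA", "EC"), ("RSA", "RSA"), ("DSS", "DSA")):
        if kx_auth.endswith(suffix):
            return key_type
    return None

def negotiable(server_openssl, client_java, cert_key_type):
    """Suites both sides list that the server's certificate can authenticate.

    Simplified model: an empty result corresponds to the server's
    "no shared cipher" error and the client's handshake_failure alert.
    """
    server = {openssl_to_iana(s) for s in server_openssl.split(":")}
    client = [s.strip() for s in client_java.split(",")]
    return [s for s in client
            if s in server and cert_key_needed(s) == cert_key_type]

# Suite lists taken from the server config and JAVA_TOOL_OPTIONS quoted above.
SERVER = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384"
CLIENT = ("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,"
          "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384")

if __name__ == "__main__":
    for key_type in ("RSA", "EC"):  # certificate key types, chosen for the demo
        print(key_type, negotiable(SERVER, CLIENT, key_type) or "no shared cipher")
```

With the suite lists from the thread, the names do match on both sides; the result is empty only when the certificate key type is RSA, which is the case DRC describes.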
