That's the thing: I don't know how to force/configure the VNC client on the guacamole side. I tried many security types on the VNC server (which is installed on an Ubuntu workstation) but it always failed.

On the guacamole server:

    Starting Nmap 6.40 ( http://nmap.org ) at 2019-04-26 10:39 CEST
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.000066s latency).
    PORT    STATE SERVICE
    443/tcp open  https
    | ssl-enum-ciphers:
    |   SSLv3: No supported ciphers found
    |   TLSv1.0:
    |     ciphers:
    |       TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong
    |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
    |     compressors:
    |       NULL
    |   TLSv1.1:
    |     ciphers:
    |       TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong
    |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
    |     compressors:
    |       NULL
    |   TLSv1.2:
    |     ciphers:
    |       TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong
    |       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - strong
    |       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - strong
    |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
    |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong
    |       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
    |     compressors:
    |       NULL
    |_  least strength: strong

On the Ubuntu workstation:

    openssl ciphers -s | grep DHE
    ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA

For example, I tried to start my vncserver without DH:

    user@ubuntu$ x11vnc -ssl -vencrypt nodh:only -passwd *****
    26/04/2019 10:56:19 SSL: accept_openssl(OPENSSL_VNC)
    26/04/2019 10:56:19 SSL: spawning helper process to handle: ***.***.*.***:58450
    26/04/2019 10:56:19 SSL: helper for peerport 58450 is pid 20949:
    26/04/2019 10:56:19 connect_tcp: trying: 127.0.0.1 20000
    26/04/2019 10:56:20 check_vnc_tls_mode: waited: 1.419587 / 1.40 input: (future) RFB Handshake
    26/04/2019 10:56:20 check_vnc_tls_mode: version: 3.8
    26/04/2019 10:56:20 SSL: ssl_helper[20949]: exit case 2 (ssl_init failed)
    26/04/2019 10:56:20 SSL: accept_openssl: cookie from ssl_helper[20949] FAILED. 0

On the guacamole side:

    Apr 26 10:58:32 guacamole guacd[27115]: VNC server supports protocol version 3.8 (viewer 3.8)
    Apr 26 10:58:32 guacamole guacd[27115]: We have 1 security types to read
    Apr 26 10:58:32 guacamole guacd: guacd[27115]: ERROR:#011Unable to connect to VNC server.
    Apr 26 10:58:32 guacamole guacd[27115]: 0) Received security type 19
    Apr 26 10:58:32 guacamole guacd[27115]: Unknown authentication scheme from VNC server: 19
    Apr 26 10:58:32 guacamole guacd[27115]: Unable to connect to VNC server.
    Apr 26 10:58:32 guacamole guacd[27115]: User "@d820419b-18c0-4c77-8ead-50eeb919a0b1" disconnected (0 users remain)

And I tried another vncviewer (ssvnc). It retrieves and saves the cert and seems to use the ECDHE-RSA-AES256-GCM-SHA384 cipher.

Thanks for your help!

--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
