Hello Again, Several respondents have indicated that the original posting was jumbled, therefore, here is another attempt at posting the announcement for the SSL/TLS enabled VNC Client...
Enjoy, An Enthusiastic VNC User. -----------------------Text of Original Message--------------------- Hello All, I apologize to all for the delay in giving out information about the availability of the Java VNC client that I modified which now includes native support for tunneling its RFB stream within a SSL/TLS encrypted and secured connection... Regards, Oscar. Here is the text of the "README.ssl" file that is included in the TAR and GZIP files: ___________________________________________________________________________________________________ The following is a quick note to get you started using the modified VNC Java client which now has support for SSL/TLS. I implemented the support for SSL/TLS by adding the creation of a secure connection to a remote server in which the VNC's RFB stream is then encapsulated (i.e. tunneled). In the ".java" file named RfbProto.java I have added the SSL/TLS connection setup code that is conditioned upon a environment variable "USETLS" being set equal to "1". If the environment variable is set, then the code will first establish an SSL/TLS connection with a remote system and port number passed via the standard environment variables. Once the secure connection is setup, the normal flow of RFB handshake will then take place. If the environment variable is not set, then normal behavior of VNC is retained. The way I have used the VNC client is to provide web based access to systems that run the VNC server. This was accomplished on a Linux system by using the "stunnel" package to allow me to have "stunnel" establish the secure connection with the SSL/TLS enabled client and then redirect the decrypted RFB traffic to a regular VNC server of your choosing... To build the JAR file, I just use the "MakeJAR.script" script !!! For those "hardcore" JAVA programer types you may not like how I have decided to compile and manage things, however, it works for me... Please note: I, sort of "hacked", the JAVA TrustManager to allow the use of SSL/TLS server certificates that are not in the default JRE CA (Certificate Authority) database. This allows you to use your own "home grown" certificates on the remote SSL/TLS server (i.e. the stunnel installation) and avoid having to purchase a "real" CA signed certificate. You can remove the offending code if you feel this is a security exposure and you plan to either use real "blessed" certificates or you plan to install YOUR CA's certificate into the JRE's trust-chain database of every client machine that may be using that server... The enablement for this "hack" is also in the file "AllowAllX509TrustManager.java". The full dump of source code, this README.ssl file and a precompiled JAR file can be found at: http://images.skipstone.com/Secure_SSL_VNC.tar -or- http://images.skipstone.com/Secure_SSL_VNC.tgz Enjoy, ORMitchell. E-Mail: [EMAIL PROTECTED] ------------------------------------------------------------------------------------------------------- Below is example HTML code that will allow you to embedded the JAVA client into a web page and accomplish two things: 1) Define the server and port number to connect to using SSL/TLS. 2) For, at least, Internet Explorer automatically detect the version of JAVA JRE installed on the client's system and offer the ability to download the windows install file for the version of the minimum JRE level needed by the VNC JAVA client... -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- <!-- TightVNC server is running. --> <HTML> <TITLE> My Company's Web-based SSL Tunneled Secure Remote Access Web Page </TITLE> <!--"CONVERTED_APPLET"--> <!-- HTML CONVERTER --> <OBJECT classid = "clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" codebase = "https://www.MyCompany.com/jinstall-1_4_2-windows-i586.cab#Version=1,4,0,0"; <!-- WIDTH = 1288 HEIGHT = 1032 > --> <PARAM NAME = CODE VALUE = VncViewer.class > <PARAM NAME = ARCHIVE VALUE = VncViewer.jar > <PARAM NAME = "type" VALUE = "application/x-java-applet;version=1.4"> <PARAM NAME = "scriptable" VALUE = "false"> <PARAM NAME = PORT VALUE=1492> <PARAM NAME = HOST VALUE=www.MyCompany.com> <PARAM NAME = USETLS VALUE=1> <COMMENT> <EMBED type = "application/x-java-applet;version=1.4" CODE = VncViewer.class ARCHIVE = VncViewer.jar WIDTH = 1288 HEIGHT = 1032 PORT =1492 HOST =www.MyCompany.com USETLS =1 scriptable = false pluginspage = "http://java.sun.com/products/plugin/index.html#download";> <NOEMBED> </NOEMBED> </EMBED> </COMMENT> </OBJECT> <!-- <APPLET CODE = VncViewer.class ARCHIVE = VncViewer.jar WIDTH = 1288 HEIGHT = 1032 > <PARAM NAME = PORT VALUE=1492> <PARAM NAME = HOST VALUE=www.MyCompany.com> <PARAM NAME = USETLS VALUE=1> </APPLET> --> <!--"END_CONVERTED_APPLET"--> <BR> <A href="https://www.MyCompany.com/";>My Company's Corporate Website</A> </HTML> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
