Skip to content

Commit

Permalink
libvncclient: improve compatibility with GnuTLS 3.8
Browse files Browse the repository at this point in the history 
Since GnuTLS 3.8, TTLS-SRP is disabled by default at compile time [1].
As a result, connecting to a server via TLS fails with:

> Warning: Failed to set TLS priority: The request is invalid. (+SRP).

> TLS handshake failed: No or insufficient priorities were set.

On the other hand, TLS-SRP is apparently unused in libvncclient. It
seems TLS-SRP requires providing serveral parameters, including a
username and a password, via specific GnuTLS API [2], which I didn't
find in the codebase.

[1] https://gitlab.com/gnutls/gnutls/-/merge_requests/1681
[2] https://www.gnutls.org/manual/html_node/Authentication-using-SRP.html
  • Loading branch information
@yan12125 @bk138
yan12125 authored and bk138 committed Sep 23, 2024
1 parent 27617e1 commit 2a23c44
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/libvncclient/tls_gnutls.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
#include "tls.h"


static const char *rfbTLSPriority = "NORMAL:+DHE-DSS:+RSA:+DHE-RSA:+SRP";
static const char *rfbTLSPriority = "NORMAL:+DHE-DSS:+RSA:+DHE-RSA";
static const char *rfbAnonTLSPriority = "NORMAL:+ANON-ECDH:+ANON-DH";

#define DH_BITS 1024
Expand Down

0 comments on commit 2a23c44

Please sign in to comment.