James Muehlner created GUACAMOLE-1674:
-----------------------------------------
Summary: RDP NLA security mode incompatible with FIPS
Key: GUACAMOLE-1674
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1674
Project: Guacamole
Issue Type: Bug
Reporter: James Muehlner
RDP connections established when guacd is running on a FIPS-enabled server do
not work with the NLA security method.
This appears to be due to FIPS-compatible ciphers not being implemented when
using NLA security mode.
For more information, see the following bug report:
[https://github.com/FreeRDP/FreeRDP/issues/5746]
It seems like this issue might possibly have been fixed in FreeRDP master in
[this PR|https://github.com/FreeRDP/FreeRDP/pull/7934], but the changes are
unreleased (and involve a major version bump to FreeRDP 3), so it's unlikely
that we'll be able to use that fix, assuming it works, until Guacamole is fully
migrated to a released version of FreeRDP 3.
For now, we should probably just explicitly disable the NLA mode on the
Guacamole side if FIPS is enabled, logging a warning if needed.
Related: GUACAMOLE-1669
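The workaround proposed in the issue, sketched as an added example (not code from the issue, from Guacamole, or from FreeRDP): drop NLA from the offered security modes when FIPS mode is detected, log a warning, and report when no usable mode remains. The `SEC_*` flags and all function names are hypothetical, and reading the Linux kernel flag in `/proc/sys/crypto/fips_enabled` is an assumption about how FIPS mode is detected.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical flags for the security modes a connection may offer. */
enum { SEC_RDP = 1, SEC_TLS = 2, SEC_NLA = 4 };

/* Parse the contents of /proc/sys/crypto/fips_enabled ("1\n" when the
 * Linux kernel is in FIPS mode). Anything else is treated as disabled. */
int fips_flag_from_text(const char* text) {
    return text != NULL && text[0] == '1'
        && (text[1] == '\0' || text[1] == '\n');
}

/* Read the kernel flag; a missing file means FIPS mode is not enabled. */
int fips_enabled(void) {
    char buf[8] = "";
    FILE* f = fopen("/proc/sys/crypto/fips_enabled", "r");
    if (f == NULL) return 0;
    if (fgets(buf, sizeof(buf), f) == NULL) buf[0] = '\0';
    fclose(f);
    return fips_flag_from_text(buf);
}

/* Return the modes to offer. Under FIPS, NLA is removed with a warning.
 * Returns 0 if nothing is left (NLA was the only mode requested), so the
 * caller can refuse the connection instead of failing mid-handshake. */
int effective_security(int requested, int fips) {
    if (!fips || !(requested & SEC_NLA))
        return requested;
    fprintf(stderr, "warning: FIPS mode is enabled; NLA security is not "
            "supported and will not be offered\n");
    int remaining = requested & ~SEC_NLA;
    if (remaining == 0)
        fprintf(stderr, "error: NLA was the only security mode requested\n");
    return remaining;
}

int main(void) {
    int fips = fips_enabled();
    int modes = effective_security(SEC_RDP | SEC_TLS | SEC_NLA, fips);
    printf("fips=%d offered=0x%x\n", fips, modes);
    return modes == 0;
}
```

Returning 0 when NLA was the only requested mode lets the caller reject the connection explicitly rather than silently substituting a mode the administrator did not ask for.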