On Tue, Jul 22, 2025 at 10:18 AM Healey, Robert Andrew <[email protected]> wrote:
> Since upgrading to Guacamole 1.6, I've lost the ability to connect to > hosts running Windows 7 over Remote Desktop. > > Are you running Guacamole in Docker or installed natively? > My Windows XP, Windows 10, Windows 11, and XRDP hosts are all still > working fine. It looks like from the logs I'm having TLS failiures > since the Windows 7 hosts seem to only be happy with TLS 1.1 > connections. Is there a way to force the TLS version FreeRDP uses for > specific connections? I'm using the MySQL extension. > > No, but FreeRDP should negotiate this, and, if I recall correctly, the range of options that FreeRDP can negotiate is limited by the OpenSSL configuration of the Linux install on which FreeRDP (=guacd) is running. I see this most often when upgrading to something like RHEL9/Rocky9 where the default TLS configuration is very strict regarding old TLS versions, and it takes some amount of deliberate manual intervention to enable older TLS versions, SHA algorithms, etc. Depending on where you're running Guacamole - either in Docker or what Linux distribution - you may have to adjust things in some different ways. > And before anyone decides to lecture me on running legacy OS's in > production, I am using Guacamole to filter/proxy remote access to > laboratory equipment that is locked to a specific OS build and is > otherwise isolated from the general network. > > I'm quite sympathetic to your plight in that regard - my day job includes maintaining a handful of legacy platforms of various ilks that sometimes take creative means to access properly while still maintaining a secure network. I would venture a guess that anyone working for a company that's been around longer than 10 years has at least one or two similar challenges. -Nick
