search

LibVNC / libvncserver

LibVNCServer/LibVNCClient are cross-platform C libraries that allow you to easily implement VNC server or client functionality in your program.
GNU General Public License v2.0
1.08k stars 483 forks source link

libvncclient: allow non-encrypted sub auth methods inside VeNCrypt #529

Closed mdevaev closed 1 year ago

mdevaev commented 2 years ago

Following https://github.com/LibVNC/libvncserver/issues/458

rfbNoAuth and rfbVncAuth are not actually part of VeNCrypt, however it is important to support them to ensure better compatibility. When establishing a connection, the client does not know whether the server supports encryption, and always prefers VeNCrypt if enabled. Next, if encryption is not available on the server, the connection will fail. Since the RFB doesn't have any downgrade methods in case of failure, a client that does not support unencrypted VeNCrypt methods will never be able to connect.

rfbVeNCryptPlain is also supported for better compatibility.

The RFB specification also considers any ordinary subauths valid, which legitimizes this solution:

any of the normal VNC security types (except VeNCrypt) may be sent

For security and backward compatibility reasons, encrypted connections take precedence over unencrypted ones

bk138 commented 1 year ago

@mdevaev thanks for that very nicely crafted PR :clap:

mdevaev commented 1 year ago

:ok_hand: