cannot connect to tigervnc server in fedora 35

[basilrabi]

Is your bug report about the Desktop Multivnc or the Mobile MultiVNC?

• Mobile (Android):

Which MultiVNC version are you using? 2.0.1 (F-Droid) 2.0.3 (Google Playstore)

Describe the bug I am unable to connect to fedora 35 with tigervnc. It only returns "VNC connection failed!"

Log: MultiVNC

This is the log while connecting via MultiVNC

Fri Nov 19 12:02:37 2021
 Connections: accepted: 192.169.101.193::57742
 SConnection: Client needs protocol version 3.8
 SConnection: Client requests security type VeNCrypt(19)
 SVeNCrypt:   Client requests security type TLSVnc (258)
 TLS:         TLS Handshake failed: No supported cipher suites have been found.
 TLS:         TLS session wasn't terminated gracefully
 SConnection: AuthFailureException: Authentication failure: TLS Handshake
              failed
 VNCSConnST:  closing 192.169.101.193::57742: Clean disconnection
 EncodeManager: Framebuffer updates: 0
 EncodeManager:   Total: 0 rects, 0 pixels
 EncodeManager:          0 B (1:-nan ratio)
 Connections: closed: 192.169.101.193::57742
 ComparingUpdateTracker: 0 pixels in / 0 pixels out
 ComparingUpdateTracker: (1:-nan ratio)

Log: VNC Viewer

This is the log when connecting via VNC Viewer in android

Fri Nov 19 12:03:29 2021
 Connections: accepted: 192.169.101.193::57752
 SConnection: Client needs protocol version 3.8
 SConnection: Client requests security type VncAuth(2)
 VNCSConnST:  Server default pixel format depth 24 (32bpp) little-endian rgb888
 VNCSConnST:  Client pixel format depth 6 (8bpp) rgb222
 VNCSConnST:  Client pixel format depth 24 (32bpp) little-endian rgb888

Fri Nov 19 12:03:39 2021
 VNCSConnST:  closing 192.169.101.193::57752: Clean disconnection
 EncodeManager: Framebuffer updates: 3
 EncodeManager:   RRE:
 EncodeManager:     Solid: 2 rects, 32.559 kpixels
 EncodeManager:            34 B (1:958.324 ratio)
 EncodeManager:   ZRLE:
 EncodeManager:     Bitmap RLE: 1 rects, 61.44 kpixels
 EncodeManager:                 150 B (1:409.68 ratio)
 EncodeManager:     Indexed RLE: 33 rects, 2.06024 Mpixels
 EncodeManager:                  135.735 KiB (1:19.0524 ratio)
 EncodeManager:     Full Colour: 27 rects, 1.76256 Mpixels
 EncodeManager:                  2.10678 MiB (1:3.19157 ratio)
 EncodeManager:   Total: 63 rects, 3.9168 Mpixels
 EncodeManager:          2.23951 MiB (1:4.17015 ratio)
 Connections: closed: 192.169.101.193::57752
 ComparingUpdateTracker: 0 pixels in / 0 pixels out
 ComparingUpdateTracker: (1:-nan ratio)

Config

# ~/.vnc/config
session=gnome
securitytypes=none,vncauth,tlsvnc
desktop=somename
geometry=1920x1020
alwaysshared

To Reproduce

1. Connect using proper credentials
2. See error

Expected Behavior Able to connect without error

For the Mobile Version (please complete the following information):

• Android version: 11
• Installed from F-Droid (2.0.1)
• Installed from Google Playstore (2.0.3)

[bk138]

Thumbs up for this very good bug report!

Can't repro this though with a minimal x0tigervncserver example, at least on Debian 11. Here's what I did:

$ apt install tigervnc-standalone-server #YYMV for Fedora
$ x0tigervncserver -rfbport 5901 -SecurityTypes TLSVnc  -verbose -localhost no

You will require a password to access your desktops.

Password:
Verify:
Would you like to enter a view-only password (y/n)? n
Starting /usr/bin/X0tigervnc -rfbport 5901 -localhost=0 -SecurityTypes TLSVnc -PasswordFile /home/bk/.vnc/passwd -ClientWaitTimeMillis 30000

New X0tigervnc server 'denkpad:1 (bk)' on port 5901 for display :0.
Use xtigervncviewer -SecurityTypes TLSVnc -passwd /home/bk/.vnc/passwd denkpad:1 to connect to the VNC server.

Connecting with MultiVNC 2.0.3 gives a server log of:

$ cat .vnc/
denkpad:5901.log  denkpad:5901.pid  passwd            
bk@denkpad:~$ cat .vnc/denkpad\:5901.log 

Sun Dec  5 12:41:42 2021
 Geometry:    Desktop geometry is set to 1920x1080+0+0
 XDesktop:    XTest extension present - version 2.2
 Main:        Listening on port 5901
3NI3X0 New X0tigervnc server 'denkpad:1 (bk)' on port 5901 for display :0.
3NI3X0 Use xtigervncviewer -SecurityTypes TLSVnc -passwd /home/bk/.vnc/passwd denkpad:1 to connect to the VNC server.

Sun Dec  5 12:41:49 2021
 Connections: accepted: 192.168.42.160::37896
 SConnection: Client needs protocol version 3.8
 SConnection: Client requests security type VeNCrypt(19)
 SVeNCrypt:   Client requests security type TLSVnc (258)

Sun Dec  5 12:41:55 2021
 XDesktop:    Enabling 8 buttons of X pointer device
 XDesktop:    Allocated shared memory image
 VNCSConnST:  Server default pixel format depth 24 (32bpp) little-endian rgb888
 VNCSConnST:  Client pixel format depth 24 (32bpp) little-endian bgr888

Sun Dec  5 12:42:00 2021
 VNCSConnST:  closing 192.168.42.160::37896: Clean disconnection
 EncodeManager: Framebuffer updates: 1
 EncodeManager:   Tight:
 EncodeManager:     Solid: 4 rects, 2.07344 Mpixels
 EncodeManager:            64 B (1:129591 ratio)
 EncodeManager:     Indexed RLE: 1 rects, 160 pixels
 EncodeManager:                  123 B (1:5.30081 ratio)
 EncodeManager:   Total: 5 rects, 2.0736 Mpixels
 EncodeManager:          187 B (1:44355.4 ratio)
 TLS:         TLS session wasn't terminated gracefully
 Connections: closed: 192.168.42.160::37896
 ComparingUpdateTracker: 0 pixels in / 0 pixels out
 ComparingUpdateTracker: (1:-nan ratio)

First theory:

• Fedora 35 removed some TLS ciphers in either OpenSSL or GnuTLS. Found https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2 which hints at https://pagure.io/fedora-docs/release-notes/issue/470 which has https://pagure.io/fedora-docs/release-notes/issue/470#comment-693309

Few things to do:

• Can you try with the above x0tigervncserver commandline as well?
• Please post the output of ldd /usr/bin/X0tigervnc
• Can you try with the change highlighted in https://pagure.io/fedora-docs/release-notes/issue/470#comment-693309 ?

[basilrabi]

Can you try with the change highlighted in https://pagure.io/fedora-docs/release-notes/issue/470#comment-693309 ?

Tried running update-crypto-policies --set LEGACY then rebooting the system. Tried it also while not rebooting the system. I still can't connect to tigervnc.

Can you try with the above x0tigervncserver commandline as well?

There seem to be no package providing the command x0tigervncserver in fedora 35. However, I tried vncserver -rfbport 5901 -SecurityTypes TLSVnc -verbose -localhost no. Log seems to be similar:

Xvnc TigerVNC 1.11.0 - built Jul 23 2021 00:00:00
Copyright (C) 1999-2020 TigerVNC Team and many others (see README.rst)
See https://www.tigervnc.org for information on TigerVNC.
Underlying X server release 12011000, The X.Org Foundation

Sun Dec  5 23:36:58 2021
 vncext:      VNC extension running!
 vncext:      Listening for VNC connections on all interface(s), port 5901
 vncext:      created VNC server for screen 0
(II) IGLX: Loaded and initialized swrast
(II) GLX: Initialized DRISWRAST GL provider for screen 0
Environment variable $XAUTHORITY not set, ignoring.

Sun Dec  5 23:37:02 2021
 ComparingUpdateTracker: 0 pixels in / 0 pixels out
 ComparingUpdateTracker: (1:-nan ratio)

Sun Dec  5 23:38:08 2021
 Connections: accepted: 192.169.101.128::54744
 SConnection: Client needs protocol version 3.8
 SConnection: Client requests security type VeNCrypt(19)
 SVeNCrypt:   Client requests security type TLSVnc (258)
 TLS:         TLS Handshake failed: No supported cipher suites have been found.
 TLS:         TLS session wasn't terminated gracefully
 SConnection: AuthFailureException: Authentication failure: TLS Handshake
              failed
 VNCSConnST:  closing 192.169.101.128::54744: Clean disconnection
 EncodeManager: Framebuffer updates: 0
 EncodeManager:   Total: 0 rects, 0 pixels
 EncodeManager:          0 B (1:-nan ratio)
 Connections: closed: 192.169.101.128::54744
 ComparingUpdateTracker: 0 pixels in / 0 pixels out
 ComparingUpdateTracker: (1:-nan ratio)

Please post the output of ldd /usr/bin/X0tigervnc

I can't find X0tigervnc but for Xvnc:

$ ldd /usr/bin/Xvnc
    linux-vdso.so.1 (0x00007ffdf29f2000)
    libjpeg.so.62 => /lib64/libjpeg.so.62 (0x00007f66f2f47000)
    libpam.so.0 => /lib64/libpam.so.0 (0x00007f66f2f35000)
    libz.so.1 => /lib64/libz.so.1 (0x00007f66f2f1b000)
    libgnutls.so.30 => /lib64/libgnutls.so.30 (0x00007f66f2d0c000)
    libnettle.so.8 => /lib64/libnettle.so.8 (0x00007f66f2cc2000)
    libpixman-1.so.0 => /lib64/libpixman-1.so.0 (0x00007f66f2c16000)
    libXfont2.so.2 => /lib64/libXfont2.so.2 (0x00007f66f2be5000)
    libXau.so.6 => /lib64/libXau.so.6 (0x00007f66f2bdf000)
    libXdmcp.so.6 => /lib64/libXdmcp.so.6 (0x00007f66f2bd7000)
    libGL.so.1 => /lib64/libGL.so.1 (0x00007f66f2b50000)
    libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007f66f2931000)
    libm.so.6 => /lib64/libm.so.6 (0x00007f66f2855000)
    libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f66f2839000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f66f262f000)
    libaudit.so.1 => /lib64/libaudit.so.1 (0x00007f66f2601000)
    libeconf.so.0 => /lib64/libeconf.so.0 (0x00007f66f25f6000)
    libp11-kit.so.0 => /lib64/libp11-kit.so.0 (0x00007f66f24c4000)
    libidn2.so.0 => /lib64/libidn2.so.0 (0x00007f66f24a3000)
    libunistring.so.2 => /lib64/libunistring.so.2 (0x00007f66f231c000)
    libtasn1.so.6 => /lib64/libtasn1.so.6 (0x00007f66f2304000)
    libhogweed.so.6 => /lib64/libhogweed.so.6 (0x00007f66f22c1000)
    libgmp.so.10 => /lib64/libgmp.so.10 (0x00007f66f221e000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f66f32be000)
    libfontenc.so.1 => /lib64/libfontenc.so.1 (0x00007f66f2214000)
    libfreetype.so.6 => /lib64/libfreetype.so.6 (0x00007f66f2149000)
    libGLX.so.0 => /lib64/libGLX.so.0 (0x00007f66f2115000)
    libX11.so.6 => /lib64/libX11.so.6 (0x00007f66f1fcd000)
    libXext.so.6 => /lib64/libXext.so.6 (0x00007f66f1fb8000)
    libGLdispatch.so.0 => /lib64/libGLdispatch.so.0 (0x00007f66f1f00000)
    libcap-ng.so.0 => /lib64/libcap-ng.so.0 (0x00007f66f1ef7000)
    libffi.so.6 => /lib64/libffi.so.6 (0x00007f66f1eec000)
    libbz2.so.1 => /lib64/libbz2.so.1 (0x00007f66f1ed7000)
    libpng16.so.16 => /lib64/libpng16.so.16 (0x00007f66f1e9e000)
    libharfbuzz.so.0 => /lib64/libharfbuzz.so.0 (0x00007f66f1dc8000)
    libbrotlidec.so.1 => /lib64/libbrotlidec.so.1 (0x00007f66f1dba000)
    libxcb.so.1 => /lib64/libxcb.so.1 (0x00007f66f1d8f000)
    libglib-2.0.so.0 => /lib64/libglib-2.0.so.0 (0x00007f66f1c52000)
    libgraphite2.so.3 => /lib64/libgraphite2.so.3 (0x00007f66f1c31000)
    libbrotlicommon.so.1 => /lib64/libbrotlicommon.so.1 (0x00007f66f1c0e000)
    libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f66f1b96000)

[bk138]

I think the line

 TLS:         TLS Handshake failed: No supported cipher suites have been found.

is the most interesting one. Please post the output of gnutls-cli -l on the server machine.

[basilrabi]

$ gnutls-cli -l
Cipher suites:
TLS_AES_128_GCM_SHA256                              0x13, 0x01  TLS1.3
TLS_AES_256_GCM_SHA384                              0x13, 0x02  TLS1.3
TLS_CHACHA20_POLY1305_SHA256                        0x13, 0x03  TLS1.3
TLS_AES_128_CCM_SHA256                              0x13, 0x04  TLS1.3
TLS_AES_128_CCM_8_SHA256                            0x13, 0x05  TLS1.3
TLS_RSA_NULL_MD5                                    0x00, 0x01  TLS1.0
TLS_RSA_NULL_SHA1                                   0x00, 0x02  TLS1.0
TLS_RSA_NULL_SHA256                                 0x00, 0x3b  TLS1.2
TLS_RSA_ARCFOUR_128_SHA1                            0x00, 0x05  TLS1.0
TLS_RSA_ARCFOUR_128_MD5                             0x00, 0x04  TLS1.0
TLS_RSA_3DES_EDE_CBC_SHA1                           0x00, 0x0a  TLS1.0
TLS_RSA_AES_128_CBC_SHA1                            0x00, 0x2f  TLS1.0
TLS_RSA_AES_256_CBC_SHA1                            0x00, 0x35  TLS1.0
TLS_RSA_CAMELLIA_128_CBC_SHA256                     0x00, 0xba  TLS1.2
TLS_RSA_CAMELLIA_256_CBC_SHA256                     0x00, 0xc0  TLS1.2
TLS_RSA_CAMELLIA_128_CBC_SHA1                       0x00, 0x41  TLS1.0
TLS_RSA_CAMELLIA_256_CBC_SHA1                       0x00, 0x84  TLS1.0
TLS_RSA_AES_128_CBC_SHA256                          0x00, 0x3c  TLS1.2
TLS_RSA_AES_256_CBC_SHA256                          0x00, 0x3d  TLS1.2
TLS_RSA_AES_128_GCM_SHA256                          0x00, 0x9c  TLS1.2
TLS_RSA_AES_256_GCM_SHA384                          0x00, 0x9d  TLS1.2
TLS_RSA_CAMELLIA_128_GCM_SHA256                     0xc0, 0x7a  TLS1.2
TLS_RSA_CAMELLIA_256_GCM_SHA384                     0xc0, 0x7b  TLS1.2
TLS_RSA_AES_128_CCM                                 0xc0, 0x9c  TLS1.2
TLS_RSA_AES_256_CCM                                 0xc0, 0x9d  TLS1.2
TLS_RSA_AES_128_CCM_8                               0xc0, 0xa0  TLS1.2
TLS_RSA_AES_256_CCM_8                               0xc0, 0xa1  TLS1.2
TLS_DHE_DSS_ARCFOUR_128_SHA1                        0x00, 0x66  TLS1.0
TLS_DHE_DSS_3DES_EDE_CBC_SHA1                       0x00, 0x13  TLS1.0
TLS_DHE_DSS_AES_128_CBC_SHA1                        0x00, 0x32  TLS1.0
TLS_DHE_DSS_AES_256_CBC_SHA1                        0x00, 0x38  TLS1.0
TLS_DHE_DSS_CAMELLIA_128_CBC_SHA256                 0x00, 0xbd  TLS1.2
TLS_DHE_DSS_CAMELLIA_256_CBC_SHA256                 0x00, 0xc3  TLS1.2
TLS_DHE_DSS_CAMELLIA_128_CBC_SHA1                   0x00, 0x44  TLS1.0
TLS_DHE_DSS_CAMELLIA_256_CBC_SHA1                   0x00, 0x87  TLS1.0
TLS_DHE_DSS_AES_128_CBC_SHA256                      0x00, 0x40  TLS1.2
TLS_DHE_DSS_AES_256_CBC_SHA256                      0x00, 0x6a  TLS1.2
TLS_DHE_DSS_AES_128_GCM_SHA256                      0x00, 0xa2  TLS1.2
TLS_DHE_DSS_AES_256_GCM_SHA384                      0x00, 0xa3  TLS1.2
TLS_DHE_DSS_CAMELLIA_128_GCM_SHA256                 0xc0, 0x80  TLS1.2
TLS_DHE_DSS_CAMELLIA_256_GCM_SHA384                 0xc0, 0x81  TLS1.2
TLS_DHE_RSA_3DES_EDE_CBC_SHA1                       0x00, 0x16  TLS1.0
TLS_DHE_RSA_AES_128_CBC_SHA1                        0x00, 0x33  TLS1.0
TLS_DHE_RSA_AES_256_CBC_SHA1                        0x00, 0x39  TLS1.0
TLS_DHE_RSA_CAMELLIA_128_CBC_SHA256                 0x00, 0xbe  TLS1.2
TLS_DHE_RSA_CAMELLIA_256_CBC_SHA256                 0x00, 0xc4  TLS1.2
TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1                   0x00, 0x45  TLS1.0
TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1                   0x00, 0x88  TLS1.0
TLS_DHE_RSA_AES_128_CBC_SHA256                      0x00, 0x67  TLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA256                      0x00, 0x6b  TLS1.2
TLS_DHE_RSA_AES_128_GCM_SHA256                      0x00, 0x9e  TLS1.2
TLS_DHE_RSA_AES_256_GCM_SHA384                      0x00, 0x9f  TLS1.2
TLS_DHE_RSA_CAMELLIA_128_GCM_SHA256                 0xc0, 0x7c  TLS1.2
TLS_DHE_RSA_CAMELLIA_256_GCM_SHA384                 0xc0, 0x7d  TLS1.2
TLS_DHE_RSA_CHACHA20_POLY1305                       0xcc, 0xaa  TLS1.2
TLS_DHE_RSA_AES_128_CCM                             0xc0, 0x9e  TLS1.2
TLS_DHE_RSA_AES_256_CCM                             0xc0, 0x9f  TLS1.2
TLS_DHE_RSA_AES_128_CCM_8                           0xc0, 0xa2  TLS1.2
TLS_DHE_RSA_AES_256_CCM_8                           0xc0, 0xa3  TLS1.2
TLS_ECDHE_RSA_NULL_SHA1                             0xc0, 0x10  TLS1.0
TLS_ECDHE_RSA_3DES_EDE_CBC_SHA1                     0xc0, 0x12  TLS1.0
TLS_ECDHE_RSA_AES_128_CBC_SHA1                      0xc0, 0x13  TLS1.0
TLS_ECDHE_RSA_AES_256_CBC_SHA1                      0xc0, 0x14  TLS1.0
TLS_ECDHE_RSA_AES_256_CBC_SHA384                    0xc0, 0x28  TLS1.2
TLS_ECDHE_RSA_ARCFOUR_128_SHA1                      0xc0, 0x11  TLS1.0
TLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256               0xc0, 0x76  TLS1.2
TLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384               0xc0, 0x77  TLS1.2
TLS_ECDHE_ECDSA_NULL_SHA1                           0xc0, 0x06  TLS1.0
TLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1                   0xc0, 0x08  TLS1.0
TLS_ECDHE_ECDSA_AES_128_CBC_SHA1                    0xc0, 0x09  TLS1.0
TLS_ECDHE_ECDSA_AES_256_CBC_SHA1                    0xc0, 0x0a  TLS1.0
TLS_ECDHE_ECDSA_ARCFOUR_128_SHA1                    0xc0, 0x07  TLS1.0
TLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256             0xc0, 0x72  TLS1.2
TLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384             0xc0, 0x73  TLS1.2
TLS_ECDHE_ECDSA_AES_128_CBC_SHA256                  0xc0, 0x23  TLS1.2
TLS_ECDHE_RSA_AES_128_CBC_SHA256                    0xc0, 0x27  TLS1.2
TLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256             0xc0, 0x86  TLS1.2
TLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384             0xc0, 0x87  TLS1.2
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256                  0xc0, 0x2b  TLS1.2
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384                  0xc0, 0x2c  TLS1.2
TLS_ECDHE_RSA_AES_128_GCM_SHA256                    0xc0, 0x2f  TLS1.2
TLS_ECDHE_RSA_AES_256_GCM_SHA384                    0xc0, 0x30  TLS1.2
TLS_ECDHE_ECDSA_AES_256_CBC_SHA384                  0xc0, 0x24  TLS1.2
TLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256               0xc0, 0x8a  TLS1.2
TLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384               0xc0, 0x8b  TLS1.2
TLS_ECDHE_RSA_CHACHA20_POLY1305                     0xcc, 0xa8  TLS1.2
TLS_ECDHE_ECDSA_CHACHA20_POLY1305                   0xcc, 0xa9  TLS1.2
TLS_ECDHE_ECDSA_AES_128_CCM                         0xc0, 0xac  TLS1.2
TLS_ECDHE_ECDSA_AES_256_CCM                         0xc0, 0xad  TLS1.2
TLS_ECDHE_ECDSA_AES_128_CCM_8                       0xc0, 0xae  TLS1.2
TLS_ECDHE_ECDSA_AES_256_CCM_8                       0xc0, 0xaf  TLS1.2
TLS_ECDHE_PSK_3DES_EDE_CBC_SHA1                     0xc0, 0x34  TLS1.0
TLS_ECDHE_PSK_AES_128_CBC_SHA1                      0xc0, 0x35  TLS1.0
TLS_ECDHE_PSK_AES_256_CBC_SHA1                      0xc0, 0x36  TLS1.0
TLS_ECDHE_PSK_AES_128_CBC_SHA256                    0xc0, 0x37  TLS1.2
TLS_ECDHE_PSK_AES_256_CBC_SHA384                    0xc0, 0x38  TLS1.2
TLS_ECDHE_PSK_ARCFOUR_128_SHA1                      0xc0, 0x33  TLS1.0
TLS_ECDHE_PSK_NULL_SHA1                             0xc0, 0x39  TLS1.0
TLS_ECDHE_PSK_NULL_SHA256                           0xc0, 0x3a  TLS1.2
TLS_ECDHE_PSK_NULL_SHA384                           0xc0, 0x3b  TLS1.0
TLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256               0xc0, 0x9a  TLS1.2
TLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384               0xc0, 0x9b  TLS1.2
TLS_PSK_ARCFOUR_128_SHA1                            0x00, 0x8a  TLS1.0
TLS_PSK_3DES_EDE_CBC_SHA1                           0x00, 0x8b  TLS1.0
TLS_PSK_AES_128_CBC_SHA1                            0x00, 0x8c  TLS1.0
TLS_PSK_AES_256_CBC_SHA1                            0x00, 0x8d  TLS1.0
TLS_PSK_AES_128_CBC_SHA256                          0x00, 0xae  TLS1.2
TLS_PSK_AES_256_GCM_SHA384                          0x00, 0xa9  TLS1.2
TLS_PSK_CAMELLIA_128_GCM_SHA256                     0xc0, 0x8e  TLS1.2
TLS_PSK_CAMELLIA_256_GCM_SHA384                     0xc0, 0x8f  TLS1.2
TLS_PSK_AES_128_GCM_SHA256                          0x00, 0xa8  TLS1.2
TLS_PSK_NULL_SHA1                                   0x00, 0x2c  TLS1.0
TLS_PSK_NULL_SHA256                                 0x00, 0xb0  TLS1.2
TLS_PSK_CAMELLIA_128_CBC_SHA256                     0xc0, 0x94  TLS1.2
TLS_PSK_CAMELLIA_256_CBC_SHA384                     0xc0, 0x95  TLS1.2
TLS_PSK_AES_256_CBC_SHA384                          0x00, 0xaf  TLS1.2
TLS_PSK_NULL_SHA384                                 0x00, 0xb1  TLS1.2
TLS_RSA_PSK_ARCFOUR_128_SHA1                        0x00, 0x92  TLS1.0
TLS_RSA_PSK_3DES_EDE_CBC_SHA1                       0x00, 0x93  TLS1.0
TLS_RSA_PSK_AES_128_CBC_SHA1                        0x00, 0x94  TLS1.0
TLS_RSA_PSK_AES_256_CBC_SHA1                        0x00, 0x95  TLS1.0
TLS_RSA_PSK_CAMELLIA_128_GCM_SHA256                 0xc0, 0x92  TLS1.2
TLS_RSA_PSK_CAMELLIA_256_GCM_SHA384                 0xc0, 0x93  TLS1.2
TLS_RSA_PSK_AES_128_GCM_SHA256                      0x00, 0xac  TLS1.2
TLS_RSA_PSK_AES_128_CBC_SHA256                      0x00, 0xb6  TLS1.2
TLS_RSA_PSK_NULL_SHA1                               0x00, 0x2e  TLS1.0
TLS_RSA_PSK_NULL_SHA256                             0x00, 0xb8  TLS1.2
TLS_RSA_PSK_AES_256_GCM_SHA384                      0x00, 0xad  TLS1.2
TLS_RSA_PSK_AES_256_CBC_SHA384                      0x00, 0xb7  TLS1.2
TLS_RSA_PSK_NULL_SHA384                             0x00, 0xb9  TLS1.2
TLS_RSA_PSK_CAMELLIA_128_CBC_SHA256                 0xc0, 0x98  TLS1.2
TLS_RSA_PSK_CAMELLIA_256_CBC_SHA384                 0xc0, 0x99  TLS1.2
TLS_DHE_PSK_ARCFOUR_128_SHA1                        0x00, 0x8e  TLS1.0
TLS_DHE_PSK_3DES_EDE_CBC_SHA1                       0x00, 0x8f  TLS1.0
TLS_DHE_PSK_AES_128_CBC_SHA1                        0x00, 0x90  TLS1.0
TLS_DHE_PSK_AES_256_CBC_SHA1                        0x00, 0x91  TLS1.0
TLS_DHE_PSK_AES_128_CBC_SHA256                      0x00, 0xb2  TLS1.2
TLS_DHE_PSK_AES_128_GCM_SHA256                      0x00, 0xaa  TLS1.2
TLS_DHE_PSK_NULL_SHA1                               0x00, 0x2d  TLS1.0
TLS_DHE_PSK_NULL_SHA256                             0x00, 0xb4  TLS1.2
TLS_DHE_PSK_NULL_SHA384                             0x00, 0xb5  TLS1.2
TLS_DHE_PSK_AES_256_CBC_SHA384                      0x00, 0xb3  TLS1.2
TLS_DHE_PSK_AES_256_GCM_SHA384                      0x00, 0xab  TLS1.2
TLS_DHE_PSK_CAMELLIA_128_CBC_SHA256                 0xc0, 0x96  TLS1.2
TLS_DHE_PSK_CAMELLIA_256_CBC_SHA384                 0xc0, 0x97  TLS1.2
TLS_DHE_PSK_CAMELLIA_128_GCM_SHA256                 0xc0, 0x90  TLS1.2
TLS_DHE_PSK_CAMELLIA_256_GCM_SHA384                 0xc0, 0x91  TLS1.2
TLS_PSK_AES_128_CCM                                 0xc0, 0xa4  TLS1.2
TLS_PSK_AES_256_CCM                                 0xc0, 0xa5  TLS1.2
TLS_DHE_PSK_AES_128_CCM                             0xc0, 0xa6  TLS1.2
TLS_DHE_PSK_AES_256_CCM                             0xc0, 0xa7  TLS1.2
TLS_PSK_AES_128_CCM_8                               0xc0, 0xa8  TLS1.2
TLS_PSK_AES_256_CCM_8                               0xc0, 0xa9  TLS1.2
TLS_DHE_PSK_AES_128_CCM_8                           0xc0, 0xaa  TLS1.2
TLS_DHE_PSK_AES_256_CCM_8                           0xc0, 0xab  TLS1.2
TLS_DHE_PSK_CHACHA20_POLY1305                       0xcc, 0xad  TLS1.2
TLS_ECDHE_PSK_CHACHA20_POLY1305                     0xcc, 0xac  TLS1.2
TLS_RSA_PSK_CHACHA20_POLY1305                       0xcc, 0xae  TLS1.2
TLS_PSK_CHACHA20_POLY1305                           0xcc, 0xab  TLS1.2
TLS_DH_ANON_ARCFOUR_128_MD5                         0x00, 0x18  TLS1.0
TLS_DH_ANON_3DES_EDE_CBC_SHA1                       0x00, 0x1b  TLS1.0
TLS_DH_ANON_AES_128_CBC_SHA1                        0x00, 0x34  TLS1.0
TLS_DH_ANON_AES_256_CBC_SHA1                        0x00, 0x3a  TLS1.0
TLS_DH_ANON_CAMELLIA_128_CBC_SHA256                 0x00, 0xbf  TLS1.2
TLS_DH_ANON_CAMELLIA_256_CBC_SHA256                 0x00, 0xc5  TLS1.2
TLS_DH_ANON_CAMELLIA_128_CBC_SHA1                   0x00, 0x46  TLS1.0
TLS_DH_ANON_CAMELLIA_256_CBC_SHA1                   0x00, 0x89  TLS1.0
TLS_DH_ANON_AES_128_CBC_SHA256                      0x00, 0x6c  TLS1.2
TLS_DH_ANON_AES_256_CBC_SHA256                      0x00, 0x6d  TLS1.2
TLS_DH_ANON_AES_128_GCM_SHA256                      0x00, 0xa6  TLS1.2
TLS_DH_ANON_AES_256_GCM_SHA384                      0x00, 0xa7  TLS1.2
TLS_DH_ANON_CAMELLIA_128_GCM_SHA256                 0xc0, 0x84  TLS1.2
TLS_DH_ANON_CAMELLIA_256_GCM_SHA384                 0xc0, 0x85  TLS1.2
TLS_ECDH_ANON_NULL_SHA1                             0xc0, 0x15  TLS1.0
TLS_ECDH_ANON_3DES_EDE_CBC_SHA1                     0xc0, 0x17  TLS1.0
TLS_ECDH_ANON_AES_128_CBC_SHA1                      0xc0, 0x18  TLS1.0
TLS_ECDH_ANON_AES_256_CBC_SHA1                      0xc0, 0x19  TLS1.0
TLS_ECDH_ANON_ARCFOUR_128_SHA1                      0xc0, 0x16  TLS1.0
TLS_SRP_SHA_3DES_EDE_CBC_SHA1                       0xc0, 0x1a  TLS1.0
TLS_SRP_SHA_AES_128_CBC_SHA1                        0xc0, 0x1d  TLS1.0
TLS_SRP_SHA_AES_256_CBC_SHA1                        0xc0, 0x20  TLS1.0
TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1                   0xc0, 0x1c  TLS1.0
TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1                   0xc0, 0x1b  TLS1.0
TLS_SRP_SHA_DSS_AES_128_CBC_SHA1                    0xc0, 0x1f  TLS1.0
TLS_SRP_SHA_RSA_AES_128_CBC_SHA1                    0xc0, 0x1e  TLS1.0
TLS_SRP_SHA_DSS_AES_256_CBC_SHA1                    0xc0, 0x22  TLS1.0
TLS_SRP_SHA_RSA_AES_256_CBC_SHA1                    0xc0, 0x21  TLS1.0
TLS_GOSTR341112_256_28147_CNT_IMIT                  0xc1, 0x02  TLS1.2

Certificate types: CTYPE-X.509, CTYPE-Raw Public Key
Protocols: VERS-TLS1.0, VERS-TLS1.1, VERS-TLS1.2, VERS-TLS1.3, VERS-DTLS0.9, VERS-DTLS1.0, VERS-DTLS1.2
Ciphers: AES-256-CBC, AES-192-CBC, AES-128-CBC, AES-128-GCM, AES-192-GCM, AES-256-GCM, AES-128-CCM, AES-256-CCM, AES-128-CCM-8, AES-256-CCM-8, ARCFOUR-128, ESTREAM-SALSA20-256, SALSA20-256, CHACHA20-32, CHACHA20-64, CAMELLIA-256-CBC, CAMELLIA-192-CBC, CAMELLIA-128-CBC, CHACHA20-POLY1305, CAMELLIA-128-GCM, CAMELLIA-256-GCM, GOST28147-TC26Z-CFB, GOST28147-CPA-CFB, GOST28147-CPB-CFB, GOST28147-CPC-CFB, GOST28147-CPD-CFB, AES-128-CFB8, AES-192-CFB8, AES-256-CFB8, AES-128-XTS, AES-256-XTS, AES-128-SIV, AES-256-SIV, GOST28147-TC26Z-CNT, MAGMA-CTR-ACPKM, KUZNYECHIK-CTR-ACPKM, 3DES-CBC, DES-CBC, RC2-40, NULL
MACs: SHA1, SHA256, SHA384, SHA512, SHA224, UMAC-96, UMAC-128, AEAD, MD5, GOSTR341194, STREEBOG-256, STREEBOG-512, AES-CMAC-128, AES-CMAC-256, AES-GMAC-128, AES-GMAC-192, AES-GMAC-256, GOST28147-TC26Z-IMIT, OMAC-MAGMA, OMAC-KUZNYECHIK
Digests: SHA1, SHA256, SHA384, SHA512, SHA224, MD5, GOSTR341194, STREEBOG-256, STREEBOG-512
Key exchange algorithms: ECDHE-RSA, ECDHE-ECDSA, RSA, DHE-RSA, DHE-DSS, PSK, RSA-PSK, DHE-PSK, ECDHE-PSK, SRP-DSS, SRP-RSA, SRP, ANON-DH, ANON-ECDH, VKO-GOST-12, RSA-EXPORT
Compression: COMP-NULL
Groups: GROUP-SECP256R1, GROUP-SECP384R1, GROUP-SECP521R1, GROUP-X25519, GROUP-GC256B, GROUP-GC512A, GROUP-X448, GROUP-FFDHE2048, GROUP-FFDHE3072, GROUP-FFDHE4096, GROUP-FFDHE6144, GROUP-FFDHE8192
Public Key Systems: RSA, RSA-PSS, RSA, DSA, GOST R 34.10-2012-512, GOST R 34.10-2012-256, GOST R 34.10-2001, EC/ECDSA, EdDSA (Ed25519), EdDSA (Ed448), DH, ECDH (X25519), ECDH (X448)
PK-signatures: SIGN-RSA-SHA256, SIGN-RSA-SHA384, SIGN-RSA-SHA512, SIGN-RSA-PSS-SHA256, SIGN-RSA-PSS-RSAE-SHA256, SIGN-RSA-PSS-SHA384, SIGN-RSA-PSS-RSAE-SHA384, SIGN-RSA-PSS-SHA512, SIGN-RSA-PSS-RSAE-SHA512, SIGN-EdDSA-Ed25519, SIGN-EdDSA-Ed448, SIGN-ECDSA-SHA256, SIGN-ECDSA-SHA384, SIGN-ECDSA-SHA512, SIGN-ECDSA-SECP256R1-SHA256, SIGN-ECDSA-SECP384R1-SHA384, SIGN-ECDSA-SECP521R1-SHA512, SIGN-ECDSA-SHA3-224, SIGN-ECDSA-SHA3-256, SIGN-ECDSA-SHA3-384, SIGN-ECDSA-SHA3-512, SIGN-RSA-SHA3-224, SIGN-RSA-SHA3-256, SIGN-RSA-SHA3-384, SIGN-RSA-SHA3-512, SIGN-DSA-SHA3-224, SIGN-DSA-SHA3-256, SIGN-DSA-SHA3-384, SIGN-DSA-SHA3-512, SIGN-RSA-RAW, SIGN-RSA-SHA1, SIGN-RSA-SHA1, SIGN-RSA-SHA224, SIGN-RSA-RMD160, SIGN-DSA-SHA1, SIGN-DSA-SHA1, SIGN-DSA-SHA224, SIGN-DSA-SHA256, SIGN-RSA-MD5, SIGN-RSA-MD5, SIGN-RSA-MD2, SIGN-ECDSA-SHA1, SIGN-ECDSA-SHA224, SIGN-GOSTR341012-512, SIGN-GOSTR341012-256, SIGN-GOSTR341001, SIGN-DSA-SHA384, SIGN-DSA-SHA512

[bk138]

Alright, there's a difference:

$ git diff --word-diff fedora35.log debian11.log 
diff --git a/fedora35.log b/debian11.log
index a6241c5..393c4aa 100644
--- a/fedora35.log
+++ b/debian11.log
@@ -195,6 +195,6 @@ MACs: SHA1, SHA256, SHA384, SHA512, SHA224, UMAC-96, UMAC-128, AEAD, MD5, GOSTR3
Digests: SHA1, SHA256, SHA384, SHA512, SHA224, MD5, GOSTR341194, STREEBOG-256, STREEBOG-512
Key exchange algorithms: ECDHE-RSA, ECDHE-ECDSA, RSA, DHE-RSA, DHE-DSS, PSK, RSA-PSK, DHE-PSK, ECDHE-PSK, SRP-DSS, SRP-RSA, SRP, ANON-DH, ANON-ECDH, VKO-GOST-12, RSA-EXPORT
Compression: COMP-NULL
Groups: {+GROUP-SECP192R1, GROUP-SECP224R1,+} GROUP-SECP256R1, GROUP-SECP384R1, GROUP-SECP521R1, GROUP-X25519, GROUP-GC256B, GROUP-GC512A, GROUP-X448, GROUP-FFDHE2048, GROUP-FFDHE3072, GROUP-FFDHE4096, GROUP-FFDHE6144, GROUP-FFDHE8192
Public Key Systems: RSA, RSA-PSS, RSA, DSA, GOST R 34.10-2012-512, GOST R 34.10-2012-256, GOST R 34.10-2001, EC/ECDSA, EdDSA (Ed25519), EdDSA (Ed448), DH, ECDH (X25519), ECDH (X448)
PK-signatures: SIGN-RSA-SHA256, SIGN-RSA-SHA384, SIGN-RSA-SHA512, SIGN-RSA-PSS-SHA256, SIGN-RSA-PSS-RSAE-SHA256, SIGN-RSA-PSS-SHA384, SIGN-RSA-PSS-RSAE-SHA384, SIGN-RSA-PSS-SHA512, SIGN-RSA-PSS-RSAE-SHA512, SIGN-EdDSA-Ed25519, SIGN-EdDSA-Ed448, SIGN-ECDSA-SHA256, SIGN-ECDSA-SHA384, SIGN-ECDSA-SHA512, SIGN-ECDSA-SECP256R1-SHA256, SIGN-ECDSA-SECP384R1-SHA384, SIGN-ECDSA-SECP521R1-SHA512, SIGN-ECDSA-SHA3-224, SIGN-ECDSA-SHA3-256, SIGN-ECDSA-SHA3-384, SIGN-ECDSA-SHA3-512, SIGN-RSA-SHA3-224, SIGN-RSA-SHA3-256, SIGN-RSA-SHA3-384, SIGN-RSA-SHA3-512, SIGN-DSA-SHA3-224, SIGN-DSA-SHA3-256, SIGN-DSA-SHA3-384, SIGN-DSA-SHA3-512, SIGN-RSA-RAW, SIGN-RSA-SHA1, SIGN-RSA-SHA1, SIGN-RSA-SHA224, SIGN-RSA-RMD160, SIGN-DSA-SHA1, SIGN-DSA-SHA1, SIGN-DSA-SHA224, SIGN-DSA-SHA256, SIGN-RSA-MD5, SIGN-RSA-MD5, SIGN-RSA-MD2, SIGN-ECDSA-SHA1, SIGN-ECDSA-SHA224, SIGN-GOSTR341012-512, SIGN-GOSTR341012-256, SIGN-GOSTR341001, SIGN-DSA-SHA384, SIGN-DSA-SHA512

Debian has GROUP-SECP192R1, GROUP-SECP224R1 while Fedora has not...

[uttarayan21]

I'm running into the same issue on Archlinux Here's the diff with the fedora and it seems like arch has the same result as debian.

diff --git a/fedora.log b/arch.log
index a6241c5..393c4aa 100644
--- a/fedora.log
+++ b/arch.log
@@ -195,6 +195,6 @@ MACs: SHA1, SHA256, SHA384, SHA512, SHA224, UMAC-96, UMAC-128, AEAD, MD5, GOSTR3
Digests: SHA1, SHA256, SHA384, SHA512, SHA224, MD5, GOSTR341194, STREEBOG-256, STREEBOG-512
Key exchange algorithms: ECDHE-RSA, ECDHE-ECDSA, RSA, DHE-RSA, DHE-DSS, PSK, RSA-PSK, DHE-PSK, ECDHE-PSK, SRP-DSS, SRP-RSA, SRP, ANON-DH, ANON-ECDH, VKO-GOST-12, RSA-EXPORT
Compression: COMP-NULL
Groups: {+GROUP-SECP192R1, GROUP-SECP224R1,+} GROUP-SECP256R1, GROUP-SECP384R1, GROUP-SECP521R1, GROUP-X25519, GROUP-GC256B, GROUP-GC512A, GROUP-X448, GROUP-FFDHE2048, GROUP-FFDHE3072, GROUP-FFDHE4096, GROUP-FFDHE6144, GROUP-FFDHE8192
Public Key Systems: RSA, RSA-PSS, RSA, DSA, GOST R 34.10-2012-512, GOST R 34.10-2012-256, GOST R 34.10-2001, EC/ECDSA, EdDSA (Ed25519), EdDSA (Ed448), DH, ECDH (X25519), ECDH (X448)
PK-signatures: SIGN-RSA-SHA256, SIGN-RSA-SHA384, SIGN-RSA-SHA512, SIGN-RSA-PSS-SHA256, SIGN-RSA-PSS-RSAE-SHA256, SIGN-RSA-PSS-SHA384, SIGN-RSA-PSS-RSAE-SHA384, SIGN-RSA-PSS-SHA512, SIGN-RSA-PSS-RSAE-SHA512, SIGN-EdDSA-Ed25519, SIGN-EdDSA-Ed448, SIGN-ECDSA-SHA256, SIGN-ECDSA-SHA384, SIGN-ECDSA-SHA512, SIGN-ECDSA-SECP256R1-SHA256, SIGN-ECDSA-SECP384R1-SHA384, SIGN-ECDSA-SECP521R1-SHA512, SIGN-ECDSA-SHA3-224, SIGN-ECDSA-SHA3-256, SIGN-ECDSA-SHA3-384, SIGN-ECDSA-SHA3-512, SIGN-RSA-SHA3-224, SIGN-RSA-SHA3-256, SIGN-RSA-SHA3-384, SIGN-RSA-SHA3-512, SIGN-DSA-SHA3-224, SIGN-DSA-SHA3-256, SIGN-DSA-SHA3-384, SIGN-DSA-SHA3-512, SIGN-RSA-RAW, SIGN-RSA-SHA1, SIGN-RSA-SHA1, SIGN-RSA-SHA224, SIGN-RSA-RMD160, SIGN-DSA-SHA1, SIGN-DSA-SHA1, SIGN-DSA-SHA224, SIGN-DSA-SHA256, SIGN-RSA-MD5, SIGN-RSA-MD5, SIGN-RSA-MD2, SIGN-ECDSA-SHA1, SIGN-ECDSA-SHA224, SIGN-GOSTR341012-512, SIGN-GOSTR341012-256, SIGN-GOSTR341001, SIGN-DSA-SHA384, SIGN-DSA-SHA512

My tigervnc logs when connection fails.

  Tue Jan 11 15:11:33 2022                                                                                                                           
   Connections: accepted: 192.168.1.112::42102                                                                                                       
   SConnection: Client needs protocol version 3.8                                                                                                    
   SConnection: Client requests security type VeNCrypt(19)                                                                                              SVeNCrypt:   Client requests security type TLSVnc (258)                                                                                           
   TLS:         TLS Handshake failed: No supported cipher suites have been found.                                                                    
   SConnection: AuthFailureException: Authentication failure: TLS Handshake                                                                          
                failed                                                                                                                               
   VNCSConnST:  closing 192.168.1.112::42102: Clean disconnection                                                                                    
   EncodeManager: Framebuffer updates: 0                                                                                                             
   EncodeManager:   Total: 0 rects, 0 pixels                                                                                                         
   EncodeManager:          0 B (1:-nan ratio)                                                                                                        
   Connections: closed: 192.168.1.112::42102                                                                                                         
   ComparingUpdateTracker: 0 pixels in / 0 pixels out                                                                                                
   ComparingUpdateTracker: (1:-nan ratio)

[gujjwal00]

I can reproduce this with a Fedora 35 VM. If I include AECDH (i.e. ADH:AECDH) in LibVNCClient's cipher list, I can connect successfully using MultiVNC.

@basilrabi , @uttarayan21 can you please test this APK: app-debug.zip

@bk138 I am guessing that our ADH setup has lower key strength, because GnuTLS accepts the same cipher (GNUTLS_DH_ANON_AES_256_GCM_SHA384) when offered by wolfSSL (used in AVNC). Using AECDH simply enables Elliptic Curve ciphers like GNUTLS_ECDH_ANON_AES_256_CBC_SHA1, and doesn't fix other ADH ciphers. So we should look more into this.

Server logs:

With AECDH

```python [liveuser@localhost-live ~]$ GNUTLS_DEBUG_LEVEL=4 x0vncserver -PasswordFile pass gnutls[2]: Enabled GnuTLS 3.7.2 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator (AVX) was detected gnutls[2]: cfg: marking hash SHA1 as insecure gnutls[2]: cfg: marking hash MD5 as insecure gnutls[2]: cfg: marking hash STREEBOG-256 as insecure gnutls[2]: cfg: marking hash STREEBOG-512 as insecure gnutls[2]: cfg: marking hash GOSTR341194 as insecure gnutls[2]: cfg: disabling MAC MD5 for TLS gnutls[2]: cfg: disabling MAC STREEBOG-256 for TLS gnutls[2]: cfg: disabling MAC STREEBOG-512 for TLS gnutls[2]: cfg: disabling MAC GOST28147-TC26Z-IMIT for TLS gnutls[2]: cfg: disabling group GC256B for TLS gnutls[2]: cfg: disabling group GC512A for TLS gnutls[2]: cfg: marking signature RSA-MD5 as insecure gnutls[2]: cfg: marking signature RSA-SHA1 as insecure gnutls[2]: cfg: marking signature DSA-SHA1 as insecure gnutls[2]: cfg: marking signature ECDSA-SHA1 as insecure gnutls[2]: cfg: marking signature DSA-SHA224 as insecure gnutls[2]: cfg: marking signature DSA-SHA256 as insecure gnutls[2]: cfg: marking signature DSA-SHA384 as insecure gnutls[2]: cfg: marking signature DSA-SHA512 as insecure gnutls[2]: cfg: marking signature GOSTR341012-512 as insecure gnutls[2]: cfg: marking signature GOSTR341012-256 as insecure gnutls[2]: cfg: marking signature GOSTR341001 as insecure gnutls[2]: cfg: marking signature rsa-sha1 as insecure for certs gnutls[2]: cfg: marking signature dsa-sha1 as insecure for certs gnutls[2]: cfg: marking signature ecdsa-sha1 as insecure for certs gnutls[2]: cfg: disabling cipher CAMELLIA-256-GCM for TLS gnutls[2]: cfg: disabling cipher CAMELLIA-128-GCM for TLS gnutls[2]: cfg: disabling cipher CAMELLIA-256-CBC for TLS gnutls[2]: cfg: disabling cipher CAMELLIA-128-CBC for TLS gnutls[2]: cfg: disabling cipher 3DES-CBC for TLS gnutls[2]: cfg: disabling cipher ARCFOUR-128 for TLS gnutls[2]: cfg: disabling cipher GOST28147-TC26Z-CFB for TLS gnutls[2]: cfg: disabling cipher GOST28147-CPA-CFB for TLS gnutls[2]: cfg: disabling cipher GOST28147-CPB-CFB for TLS gnutls[2]: cfg: disabling cipher GOST28147-CPC-CFB for TLS gnutls[2]: cfg: disabling cipher GOST28147-CPD-CFB for TLS gnutls[2]: cfg: disabling cipher GOST28147-TC26Z-CNT for TLS gnutls[2]: cfg: disabling key exchange DHE-DSS for TLS gnutls[2]: cfg: disabling key exchange VKO-GOST-12 for TLS gnutls[2]: cfg: disabling version TLS1.1 gnutls[2]: cfg: disabling version TLS1.0 gnutls[2]: cfg: disabling version SSL3.0 gnutls[2]: cfg: disabling version DTLS1.0 gnutls[2]: cfg: adding priority: SYSTEM -> NORMAL gnutls[2]: cfg: loaded system priority /etc/crypto-policies/back-ends/gnutls.config mtime 1629397278 Tue Jan 18 02:50:41 2022 Geometry: Desktop geometry is set to 1920x939+0+0 XDesktop: XTest extension present - version 2.2 XDesktop: DAMAGE extension not present XDesktop: Will have to poll screen for changes XDesktop: RANDR extension not present XDesktop: Will not be able to handle session resize Main: Listening on port 5900 Tue Jan 18 02:50:43 2022 Connections: accepted: 192.168.43.1::44630 SConnection: Client needs protocol version 3.8 SConnection: Client requests security type VeNCrypt(19) SVeNCrypt: Client requests security type TLSVnc (258) gnutls[2]: cfg: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed gnutls[2]: resolved 'SYSTEM' to 'NORMAL', next '' gnutls[2]: selected priority string: NORMAL gnutls[2]: added 3 protocols, 29 ciphersuites, 19 sig algos and 10 groups into priority list gnutls[2]: cfg: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed gnutls[2]: resolved 'SYSTEM' to 'NORMAL', next '' gnutls[2]: selected priority string: NORMAL:+ANON-ECDH:+ANON-DH gnutls[2]: added 3 protocols, 35 ciphersuites, 19 sig algos and 10 groups into priority list gnutls[3]: ASSERT: buffers.c[get_last_packet]:1185 gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589 gnutls[3]: ASSERT: buffers.c[get_last_packet]:1185 gnutls[4]: HSK[0x5629c778d5f0]: CLIENT HELLO (1) was received. Length 127[127], frag offset 0, frag length: 127, sequence: 0 gnutls[4]: HSK[0x5629c778d5f0]: Client's version: 3.3 gnutls[3]: ASSERT: db.c[_gnutls_server_restore_session]:334 gnutls[4]: EXT[0x5629c778d5f0]: Parsing extension 'Supported EC Point Formats/11' (2 bytes) gnutls[4]: EXT[0x5629c778d5f0]: Parsing extension 'Supported Groups/10' (8 bytes) gnutls[4]: EXT[0x5629c778d5f0]: Received group X25519 (0x1d) gnutls[4]: EXT[0x5629c778d5f0]: Received group SECP256R1 (0x17) gnutls[4]: EXT[0x5629c778d5f0]: Received group SECP384R1 (0x18) gnutls[4]: EXT[0x5629c778d5f0]: Selected group X25519 gnutls[4]: EXT[0x5629c778d5f0]: Parsing extension 'Session Ticket/35' (0 bytes) gnutls[4]: EXT[0x5629c778d5f0]: Parsing extension 'Signature Algorithms/13' (24 bytes) gnutls[4]: EXT[0x5629c778d5f0]: rcvd signature algo (8.6) RSA-PSS-RSAE-SHA512 gnutls[4]: EXT[0x5629c778d5f0]: rcvd signature algo (6.1) RSA-SHA512 gnutls[4]: EXT[0x5629c778d5f0]: rcvd signature algo (6.3) ECDSA-SHA512 gnutls[4]: EXT[0x5629c778d5f0]: rcvd signature algo (8.5) RSA-PSS-RSAE-SHA384 gnutls[4]: EXT[0x5629c778d5f0]: rcvd signature algo (5.1) RSA-SHA384 gnutls[4]: EXT[0x5629c778d5f0]: rcvd signature algo (5.3) ECDSA-SHA384 gnutls[4]: EXT[0x5629c778d5f0]: rcvd signature algo (8.4) RSA-PSS-RSAE-SHA256 gnutls[4]: EXT[0x5629c778d5f0]: rcvd signature algo (4.1) RSA-SHA256 gnutls[4]: EXT[0x5629c778d5f0]: rcvd signature algo (4.3) ECDSA-SHA256 gnutls[4]: EXT[0x5629c778d5f0]: rcvd signature algo (2.1) RSA-SHA1 gnutls[4]: EXT[0x5629c778d5f0]: rcvd signature algo (2.3) ECDSA-SHA1 gnutls[4]: HSK[0x5629c778d5f0]: Received safe renegotiation CS gnutls[2]: checking 00.a7 (GNUTLS_DH_ANON_AES_256_GCM_SHA384) for compatibility gnutls[2]: checking 00.6d (GNUTLS_DH_ANON_AES_256_CBC_SHA256) for compatibility gnutls[2]: checking 00.3a (GNUTLS_DH_ANON_AES_256_CBC_SHA1) for compatibility gnutls[2]: checking 00.c5 (GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256) for compatibility gnutls[2]: checking 00.89 (GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1) for compatibility gnutls[2]: checking 00.a6 (GNUTLS_DH_ANON_AES_128_GCM_SHA256) for compatibility gnutls[2]: checking 00.6c (GNUTLS_DH_ANON_AES_128_CBC_SHA256) for compatibility gnutls[2]: checking 00.34 (GNUTLS_DH_ANON_AES_128_CBC_SHA1) for compatibility gnutls[2]: checking 00.bf (GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256) for compatibility gnutls[2]: checking 00.46 (GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1) for compatibility gnutls[2]: checking 00.18 (GNUTLS_DH_ANON_ARCFOUR_128_MD5) for compatibility gnutls[2]: checking 00.1b (GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1) for compatibility gnutls[2]: checking c0.19 (GNUTLS_ECDH_ANON_AES_256_CBC_SHA1) for compatibility gnutls[4]: HSK[0x5629c778d5f0]: Selected group X25519 (6) gnutls[4]: HSK[0x5629c778d5f0]: Selected cipher suite: GNUTLS_ECDH_ANON_AES_256_CBC_SHA1 gnutls[4]: HSK[0x5629c778d5f0]: Selected version TLS1.2 gnutls[4]: HSK[0x5629c778d5f0]: Safe renegotiation succeeded gnutls[4]: HSK[0x5629c778d5f0]: SessionID: 169f1df3f251534f370f013703b3aa5c5d36620631f639683a18f9e083454418 gnutls[4]: EXT[0x5629c778d5f0]: Preparing extension (OCSP Status Request/5) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Preparing extension (Client Certificate Type/19) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Preparing extension (Server Certificate Type/20) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Preparing extension (Supported Groups/10) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Preparing extension (Supported EC Point Formats/11) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Sending extension Supported EC Point Formats/11 (2 bytes) gnutls[4]: EXT[0x5629c778d5f0]: Not sending extension (SRP/12) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Not sending extension (Signature Algorithms/13) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Preparing extension (SRTP/14) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Preparing extension (Heartbeat/15) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Preparing extension (ALPN/16) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Preparing extension (Encrypt-then-MAC/22) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Preparing extension (Extended Master Secret/23) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Preparing extension (Session Ticket/35) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Not sending extension (Key Share/51) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Preparing extension (Supported Versions/43) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Not sending extension (Post Handshake Auth/49) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Preparing extension (Safe Renegotiation/65281) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Sending extension Safe Renegotiation/65281 (1 bytes) gnutls[4]: EXT[0x5629c778d5f0]: Preparing extension (Server Name Indication/0) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Not sending extension (Cookie/44) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Not sending extension (Early Data/42) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Not sending extension (PSK Key Exchange Modes/45) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Preparing extension (Record Size Limit/28) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Preparing extension (Maximum Record Size/1) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Not sending extension (ClientHello Padding/21) for 'TLS 1.2 server hello' gnutls[4]: EXT[0x5629c778d5f0]: Not sending extension (Pre Shared Key/41) for 'TLS 1.2 server hello' gnutls[4]: HSK[0x5629c778d5f0]: SERVER HELLO was queued [87 bytes] gnutls[4]: HSK[0x5629c778d5f0]: SERVER KEY EXCHANGE was queued [40 bytes] gnutls[4]: HSK[0x5629c778d5f0]: SERVER HELLO DONE was queued [4 bytes] gnutls[3]: ASSERT: buffers.c[get_last_packet]:1185 gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589 gnutls[3]: ASSERT: buffers.c[get_last_packet]:1185 gnutls[4]: HSK[0x5629c778d5f0]: CLIENT KEY EXCHANGE (16) was received. Length 33[33], frag offset 0, frag length: 33, sequence: 0 gnutls[4]: HSK[0x5629c778d5f0]: Cipher Suite: GNUTLS_ECDH_ANON_AES_256_CBC_SHA1 gnutls[3]: ASSERT: buffers.c[get_last_packet]:1185 gnutls[4]: HSK[0x5629c778d5f0]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0 gnutls[4]: HSK[0x5629c778d5f0]: recording tls-unique CB (recv) gnutls[4]: REC[0x5629c778d5f0]: Sent ChangeCipherSpec gnutls[4]: HSK[0x5629c778d5f0]: Cipher Suite: GNUTLS_ECDH_ANON_AES_256_CBC_SHA1 gnutls[4]: HSK[0x5629c778d5f0]: Initializing internal [write] cipher sessions gnutls[4]: HSK[0x5629c778d5f0]: FINISHED was queued [16 bytes] XDesktop: Enabling 8 buttons of X pointer device XDesktop: Allocated shared memory image VNCSConnST: Server default pixel format depth 24 (32bpp) little-endian rgb888 VNCSConnST: Client pixel format depth 24 (32bpp) little-endian bgr888 Tue Jan 18 02:50:49 2022 VNCSConnST: closing 192.168.43.1::44630: Clean disconnection EncodeManager: Framebuffer updates: 1 EncodeManager: Tight: EncodeManager: Solid: 4 rects, 1.80256 Mpixels EncodeManager: 64 B (1:112661 ratio) EncodeManager: Indexed RLE: 1 rects, 315 pixels EncodeManager: 411 B (1:3.09489 ratio) EncodeManager: Total: 5 rects, 1.80288 Mpixels EncodeManager: 475 B (1:15182.3 ratio) gnutls[3]: ASSERT: buffers.c[_gnutls_io_write_flush]:696 gnutls[3]: ASSERT: buffers.c[_gnutls_writev_emu]:464 gnutls[2]: WRITE: -1 returned from 0x5629c7790ba0, errno: 22 gnutls[3]: ASSERT: buffers.c[errno_to_gerr]:230 gnutls[3]: ASSERT: buffers.c[_gnutls_io_write_flush]:722 gnutls[3]: ASSERT: record.c[_gnutls_send_tlen_int]:589 gnutls[3]: ASSERT: record.c[gnutls_bye]:304 TLS: TLS session wasn't terminated gracefully TcpSocket: unable to get peer name for socket Connections: closed: ::0 ComparingUpdateTracker: 0 pixels in / 0 pixels out ComparingUpdateTracker: (1:-nan ratio) ```

Without AECDH

```python Tue Jan 18 02:54:37 2022 Connections: accepted: 192.168.43.1::44646 SConnection: Client needs protocol version 3.8 SConnection: Client requests security type VeNCrypt(19) SVeNCrypt: Client requests security type TLSVnc (258) gnutls[2]: cfg: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed gnutls[2]: resolved 'SYSTEM' to 'NORMAL', next '' gnutls[2]: selected priority string: NORMAL gnutls[2]: added 3 protocols, 29 ciphersuites, 19 sig algos and 10 groups into priority list gnutls[2]: cfg: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed gnutls[2]: resolved 'SYSTEM' to 'NORMAL', next '' gnutls[2]: selected priority string: NORMAL:+ANON-ECDH:+ANON-DH gnutls[2]: added 3 protocols, 35 ciphersuites, 19 sig algos and 10 groups into priority list gnutls[3]: ASSERT: buffers.c[get_last_packet]:1185 gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589 gnutls[3]: ASSERT: buffers.c[get_last_packet]:1185 gnutls[4]: HSK[0x5629c778d560]: CLIENT HELLO (1) was received. Length 99[99], frag offset 0, frag length: 99, sequence: 0 gnutls[4]: HSK[0x5629c778d560]: Client's version: 3.3 gnutls[3]: ASSERT: db.c[_gnutls_server_restore_session]:334 gnutls[4]: EXT[0x5629c778d560]: Parsing extension 'Session Ticket/35' (0 bytes) gnutls[4]: EXT[0x5629c778d560]: Parsing extension 'Signature Algorithms/13' (24 bytes) gnutls[4]: EXT[0x5629c778d560]: rcvd signature algo (8.6) RSA-PSS-RSAE-SHA512 gnutls[4]: EXT[0x5629c778d560]: rcvd signature algo (6.1) RSA-SHA512 gnutls[4]: EXT[0x5629c778d560]: rcvd signature algo (6.3) ECDSA-SHA512 gnutls[4]: EXT[0x5629c778d560]: rcvd signature algo (8.5) RSA-PSS-RSAE-SHA384 gnutls[4]: EXT[0x5629c778d560]: rcvd signature algo (5.1) RSA-SHA384 gnutls[4]: EXT[0x5629c778d560]: rcvd signature algo (5.3) ECDSA-SHA384 gnutls[4]: EXT[0x5629c778d560]: rcvd signature algo (8.4) RSA-PSS-RSAE-SHA256 gnutls[4]: EXT[0x5629c778d560]: rcvd signature algo (4.1) RSA-SHA256 gnutls[4]: EXT[0x5629c778d560]: rcvd signature algo (4.3) ECDSA-SHA256 gnutls[4]: EXT[0x5629c778d560]: rcvd signature algo (2.1) RSA-SHA1 gnutls[4]: EXT[0x5629c778d560]: rcvd signature algo (2.3) ECDSA-SHA1 gnutls[4]: HSK[0x5629c778d560]: Received safe renegotiation CS gnutls[2]: checking 00.a7 (GNUTLS_DH_ANON_AES_256_GCM_SHA384) for compatibility gnutls[2]: checking 00.6d (GNUTLS_DH_ANON_AES_256_CBC_SHA256) for compatibility gnutls[2]: checking 00.3a (GNUTLS_DH_ANON_AES_256_CBC_SHA1) for compatibility gnutls[2]: checking 00.c5 (GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256) for compatibility gnutls[2]: checking 00.89 (GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1) for compatibility gnutls[2]: checking 00.a6 (GNUTLS_DH_ANON_AES_128_GCM_SHA256) for compatibility gnutls[2]: checking 00.6c (GNUTLS_DH_ANON_AES_128_CBC_SHA256) for compatibility gnutls[2]: checking 00.34 (GNUTLS_DH_ANON_AES_128_CBC_SHA1) for compatibility gnutls[2]: checking 00.bf (GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256) for compatibility gnutls[2]: checking 00.46 (GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1) for compatibility gnutls[2]: checking 00.18 (GNUTLS_DH_ANON_ARCFOUR_128_MD5) for compatibility gnutls[2]: checking 00.1b (GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1) for compatibility gnutls[3]: ASSERT: ciphersuites.c[_gnutls_figure_common_ciphersuite]:1591 gnutls[3]: ASSERT: handshake.c[_gnutls_server_select_suite]:1148 gnutls[3]: ASSERT: handshake.c[read_client_hello]:852 gnutls[3]: ASSERT: handshake.c[_gnutls_recv_handshake]:1632 gnutls[3]: ASSERT: handshake.c[handshake_server]:3480 TLS: TLS Handshake failed: No supported cipher suites have been found. gnutls[3]: ASSERT: buffers.c[_gnutls_io_write_flush]:696 gnutls[3]: ASSERT: record.c[check_session_status]:1650 gnutls[3]: ASSERT: record.c[gnutls_bye]:324 TLS: TLS session wasn't terminated gracefully SConnection: AuthFailureException: Authentication failure: TLS Handshake failed VNCSConnST: closing 192.168.43.1::44646: Clean disconnection EncodeManager: Framebuffer updates: 0 EncodeManager: Total: 0 rects, 0 pixels EncodeManager: 0 B (1:-nan ratio) Connections: closed: 192.168.43.1::44646 ```

[uttarayan21]

I tested the apk and it does work with my setup.

Coincidentally I tried using avnc in the meantime which works fine but I need to send the super key as modifier so I can't use it since it doesn't have that functionality.

[basilrabi]

Thank you @gujjwal00 , the APK works for me.

[gujjwal00]

@uttarayan21 yeah, virtual Super key is currently missing.

[bk138]

@gujjwal00 thanks for doing the research, again! So we simply patch libvncclient? I have to admit I'm not too proficient with this cipher stuff...

[gujjwal00]

Well, I am no expert either 😄.

And, adding AECDH in libvncclient would solve this issue. Its a net-positive anyway, because EC cipher suits seems to be better comparatively. According to OpenSSL docs, we can simply use aNULL in place of ADH for the cipher list, it is similar to using ADH:AECDH explicitly. Connection is successful with aNULL too.

I will see if I can identify the issue with regular DH cipher suits, but GnuTLS is giving zero indication about what's wrong.

[bk138]

Thanks @gujjwal00! This will be in the next point release.