rustdesk / rustdesk-server-pro

Some scripts for RustDesk Server Pro are hosted here.

RustDesk Server Pro (Windows) on Server versions below Windows Server 2022 - TLS_1.2 Problem? #189

Open User35123 opened 5 months ago

User35123 commented 5 months ago

After a long period of troubleshooting, testing, wiresharking and swearing, it looks like it's currently just a waste of time if you are running RustDesk Server Pro (Windows) on an infrastructure that is using Windows Server versions below 2022, because Windows Server 2022 is the first system that has the ability to use TLS_1.3.

-> SMTP currently doesn't seem to work below TLS_1.3 (only a problem if target does not have TLS_1.3) https://github.com/rustdesk/rustdesk-server-pro/issues/99#issuecomment-1777223013

-> Secured LDAP currently doesn't seem to work below TLS_1.3 (This could be a problem if your Active Directory Server is not a Windows Server 2022) https://github.com/rustdesk/rustdesk-server-pro/issues/188

-> API doesn't seem to work - No automatic username, devicename, deviceinfo and no strategies are being applied (If your secured API Server is powered by a reverse proxy on a server older than 2022) https://github.com/rustdesk/rustdesk-server-pro/issues/19#issuecomment-1889166892

Just to make sure: I fully agree that TLS_1.3 is the best way to go. You know that, I know that... and Microsoft knows that too. That's because they want you to buy Windows Server 2022. But TLS_1.2 is still maintained and used by all other Windows Server systems below 2022. If it is the case that TLS_1.2 is the problem, there should be a note in the (Windows) documentation.

rustdesk commented 5 months ago

We are using this tls library, and it does support tls 1.2: https://github.com/rustls/rustls?tab=readme-ov-file#current-functionality-with-default-crate-features. I do not think there is any library / software giving up support of tls 1.2 at this time.

rustdesk commented 5 months ago

Can you send the urls of your tls 1.2 servers (not working with RustDesk client or Pro) to us? We will investigate. You can send them to my email info@rustdesk.com if they can not go public.

User35123 commented 5 months ago

Thank you for your help!

I could, but there isn't any license anymore on this server. I installed everything on a Windows Server 2022 and it was working after setting everything up. The old installation is currently still there but I needed to switch my license to the new one.

rustdesk commented 5 months ago

No worries, we will try to find a tls 1.2 service for testing.

Tested with https://tls-v1-2.badssl.com:1012/, rustls works well with tls 1.2.

User35123 commented 5 months ago

Hello and thank you for testing!

I got a very short time slot for testing (and transferring my license to the old server). I compared my web.config file from both servers (the old one and the Server 2022 version). They look the same - but still no luck. If I disable SSL (using http and port 21114) the API Server works fine! That means there must be something with the IIS / reverse proxy / TLS.

Accessing the rustdesk server using the reverse proxy address via web browser works absolutely fine. Also the login feature from the rustdesk client - everything works except seeing the username, computername and sysinfo in the devices panel.

rustdesk commented 5 months ago

Thanks for your testing. Is it possible for you to give me a chance to access your old one (my email info@rustdesk.com)? No license is needed, I just need to test the tls 1.2 connectivity.

rustdesk commented 5 months ago

Thanks @User35123 for providing the test url. I just tested, our tls lib (https://github.com/rustls/rustls) does not work with your server, though it works for https://tls-v1-2.badssl.com:1012/. But native tls works for both. I am considering changing to native tls in the next release for better support of tls.

The error without proxy on my side: error trying to connect: Connection reset by peer (os error 54)

The error with proxy on my side: error trying to connect: tls handshake eof
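
Added example, not part of the thread and not RustDesk's code: a Python standard-library probe that attempts one handshake pinned to TLS 1.2 and one pinned to TLS 1.3 and reports the negotiated suite or the error, so a working endpoint and a failing one can be compared side by side. The function names and the local `drop_listener` stand-in are assumptions made for illustration; Python's OpenSSL client offers a different suite list than rustls, so a success here shows what the server negotiates, not what rustls will accept.

```python
import socket
import ssl
import sys
import threading

VERSIONS = {"TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}

def probe(host, port, version, timeout=5.0):
    """One handshake pinned to a single TLS version -> (ok, detail)."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        # Diagnostic only: negotiation is under test, not certificate trust.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        ctx.minimum_version = version
        ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, f"{tls.version()} {tls.cipher()[0]}"
    except (OSError, ValueError) as exc:  # ssl.SSLError is an OSError subclass
        return False, f"{type(exc).__name__}: {exc}"

def diagnose(host, port):
    """Probe each version separately so a version gap shows up on its own."""
    return {name: probe(host, port, v) for name, v in VERSIONS.items()}

def verdict(results):
    if results["TLSv1.2"][0]:
        return "tls1.2 negotiates: compare the suite above with the failing client's list"
    if results["TLSv1.3"][0]:
        return "tls1.3 only: no TLS 1.2 handshake completes with this client"
    return "both fail: not version-specific, inspect the proxy or network path"

def drop_listener(connections=2):
    """Constructed stand-in for a peer that aborts the handshake: accept, then close."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        for _ in range(connections):
            conn, _addr = srv.accept()
            conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    host, port = (sys.argv[1], int(sys.argv[2])) if len(sys.argv) == 3 else ("127.0.0.1", drop_listener())
    results = diagnose(host, port)
    for name, (ok, detail) in results.items():
        print(f"{name}: {'ok' if ok else 'FAILED'}  {detail}")
    print(verdict(results))
```

Run it with a host and port against both the direct port and the reverse-proxy address; with no arguments it probes the constructed local listener, which fails both handshakes.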