[
https://issues.apache.org/jira/browse/GUACAMOLE-1598?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17600967#comment-17600967
]
David S. Jones commented on GUACAMOLE-1598:
-------------------------------------------
Unfortunately we have to support a lot of win7 and more than a few 2008r2.
Since the fix has been in freerdp for almost 4 years and that's about the time
we went to freerdp2, I'd like to think we could assume current guacd builds
would have it. If we had a client setting for that wouldn't it just get ignored
if the particular guacd build didn't have that setting available? I'd really
prefer a client setting rather than force the default=0.
> Windows 7 TLS/NLA compatibility issue with openssl3
> ---------------------------------------------------
>
> Key: GUACAMOLE-1598
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1598
> Project: Guacamole
> Issue Type: Improvement
> Components: RDP
> Affects Versions: 1.4.0
> Reporter: Michael Saxl
> Priority: Major
>
> Openssl 3.0 raised the default tls security level parameters.
> This has the effect that Widows 7 / Windows 2008r2 do not work in tls/nla/ext
> security mode, only rdp security works, but this requires disabling nla on
> the remote machine.
> xfreerdp has a parameter named /tls-seclevel that if set to 0 solves this
> problem, but settings this to such a low value should only be done if the
> user really requests it.
> Remmina will get this parameter too.
>
> internally in the settings structure the attribute is named
> setting->TlsSecLevel
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
