[Cialug] rdp client

Jeff Davis jdavis at geolearning.com
Thu Oct 11 16:52:05 CDT 2007

Hash: SHA1

I think I've found the source of the issue.

I had someone verify on that box that the terminal services config
shows RDP 5.2, so I don't believe that is the issue as I'm able to
(and have been able to) connect to other 2003 servers using 5.2.

I know the encryption level has been changed to "FIPS compliant."
MS' site says that prior to setting fips compliant encryption
rdp uses as "RC4 algorithm with a 56-bit key length"
and after you enable fips compliant encryption
"the RDP channel is encrypted by using 3DES in Cipher Block
Chaining (CBC) mode with a 128-bit key length"

Now, on the rdesktop site someone complained about not being able to connect when the
encryption level was set to "High" on the windows box, which apparently used a 128
bit key.  The "solution" was to lower the ecryption level.

Since MS states that fips compliant mode is using a 128 bit key, I'm making the
assumption that this is causing the issue since rdesktop apparently doesn't support that.

I'm now trying to determine if rdesktop is using something other than the openssl
libraries installed.  I'm using openssl 0.9.8d, which is pretty current.  All of the
rdp linux clients I've looked at today are really just front-ends for rdesktop, so if
rdesktop is the failure point I don't expect this to be an easy fix.

- -Jeff

david l goodrich wrote:
> On Thu, 11 Oct 2007 09:02:08 -0500, Jeff Davis <jdavis at geolearning.com>
> wrote:
> FIPS = Federal Information Processing Standards.
> Government stuff.....and all that THAT implies. ;-)
> I'm not an expert in this, but my understanding
> is that it requires only 'approved' cryptographic
> ciphers be used, and other requirements like that.
> There's more than you ever want to know about it
> at http://www.nist.gov
>> Well, sure, I know what FIPS is.  But what does "FIPS mode" mean to
>> Windows?  There are a LOT of FIPS standards, does this mean Windows thinks
>> it's following the standards?  Which ones?
>>   --david
> I need to connect to some windows boxes that
> have been forced into FIPS mode via GPO.
> -Jeff
> david l goodrich wrote:
>>>> On Wed, Oct 10, 2007 at 05:17:04PM -0500, Jeff Davis wrote:
>>>>> Hash: SHA1
>>>>> Does anyone know of an RDP client for linux
>>>>> that I can use to RDP into windows boxes
>>>>> that are running in FIPS mode?
>>>> Okay, I'll bite.  What's FIPS mode?
>>>>   --david
>>>>> (So far I've not been able to get krdc or tsclient
>>>>>  to successfully connect on one of these machines.)
>>>>> - -Jeff
> ------------------------------------------------------------------------
>>>>> _______________________________________________
>>>>> Cialug mailing list
>>>>> Cialug at cialug.org
>>>>> http://cialug.org/mailman/listinfo/cialug
Cialug mailing list
Cialug at cialug.org

> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug

Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org


More information about the Cialug mailing list