xrdp is using RDP licensing #3132

Closed
akallabeth opened this issue Jun 20, 2024 · 5 comments · Fixed by #3143

@akallabeth

xrdp version

all?

Detailed xrdp version, build options

No response

Operating system & version

all

Installation method

Doesn't matter

Which backend do you use?

No response

What desktop environment do you use?

No response

Environment xrdp running on

No response

What's your client?

No response

Area(s) with issue?

No response

Steps to reproduce

FreeRDP/FreeRDP#10270 (reply in thread)

  1. configure FreeRDP and xrdp for FIPS
  2. see connections failing due to use of RDP licensing (md4, rc4 and other stuff in use)

What I do not understand is why xrdp is sending this packet at all, as RDP licensing is optional (and the security broken for ages).

✔️ Expected Behavior

connect

❌ Actual Behavior

fail

Anything else?

No response

@akallabeth akallabeth added the bug label Jun 20, 2024
@matt335672
Member

Thanks @akallabeth

I've just been through the docs and I agree - I can't see any point in issuing a Server License Request PDU.

I've also been through the GitHub history, and even gone to look at the old SourceForge pages. This code has been in xrdp for ever, it seems - since 2005 anyway.

@jsorg71 - this may be an unfair question given how much time has elapsed, but are you aware of a good reason why we should be implementing [MS-RDPELE]?

@jsorg71
Contributor

jsorg71 commented Jun 21, 2024

It's fair. Wow, this goes back to the days before there was documentation. This was written in 2005 and the docs were released in about 2008.

@matt335672
Member

Technically it's easy enough to remove it for devel to see what happens. I don't know what to do about v0.10 however. Should we keep it in but disabled and provide a setting to re-enable it?

@akallabeth
Author

@matt335672 My 2 cents: since it is optional/useless (as documented in the protocol specs) and creates huge issues with newer OpenSSL (and others) (md4 and rc4 are then required client side to handle that stuff) it might break more to leave it as is than to remove it.

@matt335672
Member

@akallabeth - we've implemented the change for v0.10.x too. Thought you should know.
