From: <osc...@pr...> - 2010-12-27 20:03:28
Folks,

This does indeed work. Using the source pointer from jclevien's UltraVNC java viewer, I was able to connect via SSL to STunnel, which forwarded the viewer packets.

I don't know which version of SSL it is supporting because an SSLv3-only stunnel configuration was triggering the error 'wrong version number', as below. Updating stunnel to accept any version of SSL [protocol version (all, SSLv2, SSLv3, TLSv1)] was the workaround that allowed a successful SSL session.

I did not verify that the streams were truly encrypted other than visually checking the tcpdump packet streams.

Any pointers for the TightVNC win32 server?

Thanks

http://sc.uvnc.com/javaviewer/javaviewer2.zip

java -classpath .\bin VncViewer HOST 10.0.0.1 PORT 5901 PASSWORD secret USESSL yes TRUSTALL yes

Log SSL errors:

2010.12.27 10:32:34 LOG3[35350:34377573728]: SSL_accept: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Good session output:

2010.12.27 11:23:39 LOG7[50713:34377573728]: Service viewer permitted by libwrap from 192.168.103.94:3130
2010.12.27 11:23:39 LOG5[50713:34377573728]: Service viewer accepted connection from 192.168.103.94:3130
2010.12.27 11:23:39 LOG7[50713:34377573728]: SSL state (accept): before/accept initialization
2010.12.27 11:23:39 LOG7[50713:34377573728]: SSL state (accept): SSLv3 read client hello A
2010.12.27 11:23:39 LOG7[50713:34377573728]: SSL state (accept): SSLv3 write server hello A
2010.12.27 11:23:39 LOG7[50713:34377573728]: SSL state (accept): SSLv3 write certificate A
2010.12.27 11:23:39 LOG7[50713:34377573728]: SSL state (accept): SSLv3 write server done A
2010.12.27 11:23:39 LOG7[50713:34377573728]: SSL state (accept): SSLv3 flush data
2010.12.27 11:23:39 LOG7[50713:34377573728]: SSL state (accept): SSLv3 read client key exchange A
2010.12.27 11:23:39 LOG7[50713:34377573728]: SSL state (accept): SSLv3 read finished A
2010.12.27 11:23:39 LOG7[50713:34377573728]: SSL state (accept): SSLv3 write change cipher spec A
2010.12.27 11:23:39 LOG7[50713:34377573728]: SSL state (accept): SSLv3 write finished A
2010.12.27 11:23:39 LOG7[50713:34377573728]: SSL state (accept): SSLv3 flush data
2010.12.27 11:23:39 LOG7[50713:34377573728]: 2 items in the session cache
2010.12.27 11:23:39 LOG7[50713:34377573728]: 0 client connects (SSL_connect())
2010.12.27 11:23:39 LOG7[50713:34377573728]: 0 client connects that finished
2010.12.27 11:23:39 LOG7[50713:34377573728]: 0 client renegotiations requested
2010.12.27 11:23:39 LOG7[50713:34377573728]: 2 server connects (SSL_accept())
2010.12.27 11:23:39 LOG7[50713:34377573728]: 2 server connects that finished
2010.12.27 11:23:39 LOG7[50713:34377573728]: 0 server renegotiations requested
2010.12.27 11:23:39 LOG7[50713:34377573728]: 0 session cache hits
2010.12.27 11:23:39 LOG7[50713:34377573728]: 0 external session cache hits
2010.12.27 11:23:39 LOG7[50713:34377573728]: 0 session cache misses
2010.12.27 11:23:39 LOG7[50713:34377573728]: 0 session cache timeouts
2010.12.27 11:23:39 LOG6[50713:34377573728]: SSL accepted: new session negotiated
2010.12.27 11:23:39 LOG6[50713:34377573728]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
2010.12.27 11:23:39 LOG7[50713:34377573728]: FD=14 in non-blocking mode
2010.12.27 11:23:39 LOG6[50713:34377573728]: connect_blocking: connecting 127.0.0.1:5900
2010.12.27 11:23:39 LOG5[50713:34377573728]: connect_blocking: connected 127.0.0.1:5900
2010.12.27 11:23:39 LOG5[50713:34377573728]: Service viewer connected remote server from 127.0.0.1:57198
2010.12.27 11:23:39 LOG7[50713:34377573728]: Remote FD=14 initialized
2010.12.27 11:23:39 LOG7[50713:34377573728]: Option TCP_NODELAY set on remote socket
2010.12.27 11:23:43 LOG7[50713:34377573728]: SSL alert (read): warning: close notify
2010.12.27 11:23:43 LOG7[50713:34377573728]: SSL closed on SSL_read
2010.12.27 11:23:43 LOG7[50713:34377573728]: Sending socket write shutdown
2010.12.27 11:23:43 LOG7[50713:34377573728]: Socket closed on read
2010.12.27 11:23:43 LOG7[50713:34377573728]: Sending SSL write shutdown
2010.12.27 11:23:43 LOG7[50713:34377573728]: SSL alert (write): warning: close notify
2010.12.27 11:23:43 LOG6[50713:34377573728]: SSL_shutdown successfully sent close_notify
2010.12.27 11:23:43 LOG5[50713:34377573728]: Connection closed: 34280 bytes sent to SSL, 1469 bytes sent to socket
2010.12.27 11:23:43 LOG7[50713:34377573728]: Service viewer finished (0 left)

-----Original Message-----
From: Juan Jose Costello Levien <jcl...@gm...>
To: osc...@pr...
Cc: vnc...@li...
Sent: Thu, Dec 23, 2010 4:39 pm
Subject: Re: TightVNC Java Viewer with SSL Socket

You have to look at the javaviewer2 sources:

http://sc.uvnc.com/javaviewer/javaviewer2.zip

/Juan.

2010/12/23 <osc...@pr...>

I don't see from the sources or readme that it does support SSL. Can you be more specific with the pointer?

Thanks

-----Original Message-----
From: Juan Jose Costello Levien <jcl...@gm...>
To: osc...@pr...
Cc: vnc...@li...
Sent: Thu, Dec 23, 2010 11:37 am
Subject: Re: TightVNC Java Viewer with SSL Socket

Hello,

Look at UltraVNC Java Viewer, it has SSL support, and other encodings.

http://uvnc.com/features/javaviewer.html

/Juan.

2010/12/23 <osc...@pr...>

Folks,

Is there a version of the Java Viewer that can connect via SSL to a server via stunnel? If not, how could this be implemented? Looks like it would be possible to do something like this via socketFactory (com.tightvnc.vncviewer.VncViewer.socketFactory).

Thanks

--
Juan Jose Costello Levien
jcl...@gm...
http://jclevien.ath.cx
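An added example, not part of the original thread: a small Python audit of stunnel debug output in the format posted above, reporting which suite each client negotiated and collecting the 'wrong version number' rejections. The `audit` function and its weak-cipher policy are assumptions of this example, as is the reading of the version column in the 'Negotiated ciphers' line as the suite's family rather than the negotiated protocol (this assumes stunnel prints OpenSSL's cipher description unchanged).

```python
import re

# First three lines are taken from the log in the post; the fourth is constructed.
SAMPLE_LOG = """\
2010.12.27 10:32:34 LOG3[35350:34377573728]: SSL_accept: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2010.12.27 11:23:39 LOG5[50713:34377573728]: Service viewer accepted connection from 192.168.103.94:3130
2010.12.27 11:23:39 LOG6[50713:34377573728]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
2010.12.27 11:40:00 LOG6[50999:34377573728]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
"""

LINE = re.compile(r"^(\S+ \S+) LOG\d\[([\d:]+)\]: (.*)$")
ACCEPT = re.compile(r"Service (\S+) accepted connection from (\S+)")
CIPHER = re.compile(r"Negotiated ciphers: (\S+)\s+(\S+)\s+Kx=\S+\s+Au=\S+\s+Enc=(\S+)\s+Mac=(\S+)")

# Example policy (assumption): flag RC4, single DES and null encryption, and MD5 MACs.
WEAK_ENC = ("RC4", "DES", "None")
WEAK_MAC = {"MD5"}

def audit(log_text):
    """Return (sessions, version_failures) parsed from stunnel debug output."""
    peers, sessions, failures = {}, [], []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        stamp, conn, msg = line.groups()   # conn is the bracketed id shared by one connection
        accepted = ACCEPT.search(msg)
        cipher = CIPHER.search(msg)
        if accepted:
            peers[conn] = accepted.groups()            # (service, client address)
        elif cipher:
            suite, family, enc, mac = cipher.groups()  # family is not the negotiated version
            weak = []
            if enc.startswith(WEAK_ENC):
                weak.append("cipher " + enc)
            if mac in WEAK_MAC:
                weak.append("MAC " + mac)
            service, client = peers.get(conn, ("?", "?"))  # "?" when no accept line was seen
            sessions.append({"time": stamp, "service": service, "client": client,
                             "suite": suite, "family": family, "weak": weak})
        elif "wrong version number" in msg:
            failures.append((stamp, conn))
    return sessions, failures

if __name__ == "__main__":
    sessions, failures = audit(SAMPLE_LOG)
    for s in sessions:
        print(s["time"], s["client"], s["suite"], "WEAK: " + ", ".join(s["weak"]) if s["weak"] else "ok")
    print(len(failures), "handshake(s) rejected for protocol version mismatch")
```
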