If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#16
|
|||
|
|||
remote desktop replacement?
On 2017-02-09 20:07, T wrote:
On 02/08/2017 06:15 PM, B00ze wrote: You've given-up on disabling TLS 1.0 on RDP? About one micro inch away: https://social.technet.microsoft.com...&prof=required I am getting ready to install Open VPN Lol, I see you at the bottom of the thread. They don't mention if they upgraded RDP to RDP-8.x however; I seem to recall you needed to do this before disabling TLS 1.0? It involves: RDP81 - KB2592687 RDP 8.0 Update for Windows 7 for x64-based Systems KB2830477 Remote Desktop Connection (RDC) 8.1 client update - Breaks VirtualPC? And then - 1. KB2984976 2. KB3020388 2. KB3126446 3. KB3075226 3. KB2923545 Anyway this is what I have in my notes, but I haven't tested disabling TLS 1.0 and then trying RDP - I'm @ home not in a store ;-) Best Regards, -- ! _\|/_ Sylvain / ! (o o) Memberavid-Suzuki-Fdn/EFF/Red+Cross/SPCA/Planetary-Society oO-( )-Oo Computer, delete WESLEY.EXE -Entire Enterprise crew |
Ads |
#17
|
|||
|
|||
remote desktop replacement?
On 02/09/2017 07:17 PM, B00ze wrote:
On 2017-02-09 20:07, T wrote: On 02/08/2017 06:15 PM, B00ze wrote: You've given-up on disabling TLS 1.0 on RDP? About one micro inch away: https://social.technet.microsoft.com...&prof=required I am getting ready to install Open VPN Lol, I see you at the bottom of the thread. They don't mention if they upgraded RDP to RDP-8.x however; I seem to recall you needed to do this before disabling TLS 1.0? It involves: RDP81 - KB2592687 RDP 8.0 Update for Windows 7 for x64-based Systems KB2830477 Remote Desktop Connection (RDC) 8.1 client update - Breaks VirtualPC? And then - 1. KB2984976 2. KB3020388 2. KB3126446 3. KB3075226 3. KB2923545 Anyway this is what I have in my notes, but I haven't tested disabling TLS 1.0 and then trying RDP - I'm @ home not in a store ;-) Best Regards, Hi B00ze, If you disable 3DES, Remote Desktop stops working. 3DES (SUGAR32) haunts TLS 1.0, 1.1, and 1.2. See below. I can't win. :'( -T nmap -p xxxx -Pn --script +ssl-enum-ciphers aaa.bbb.ccc.ddd --script ssl-cert Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-07 00:02 PST Nmap scan report for mail.redacted.com (aaa.bbb.ccc.ddd) Host is up (0.060s latency). PORT STATE SERVICE xxxx/tcp open yyyyy | ssl-enum-ciphers: | TLSv1.0: | ciphers: | *TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C * | compressors: | NULL | cipher preference: indeterminate | cipher preference error: Too few ciphers supported | warnings: | *64-bit block cipher 3DES vulnerable to SWEET32 attack* | Weak certificate signatu SHA1 | TLSv1.1: | ciphers: | *TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C* | compressors: | NULL | cipher preference: indeterminate | cipher preference error: Too few ciphers supported | warnings: | *64-bit block cipher 3DES vulnerable to SWEET32 attack* | Weak certificate signatu SHA1 | TLSv1.2: | ciphers: | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | compressors: | NULL | cipher preference: indeterminate | cipher preference error: Too few ciphers supported | warnings: | *64-bit block cipher 3DES vulnerable to SWEET32 attack* | Weak certificate signatu SHA1 |_ least strength: C Nmap done: 1 IP address (1 host up) scanned in 2.44 seconds |
#18
|
|||
|
|||
remote desktop replacement?
On 2017-02-09 22:30, T wrote:
Hi B00ze, If you disable 3DES, Remote Desktop stops working. 3DES (SUGAR32) haunts TLS 1.0, 1.1, and 1.2. See below. I can't win. :'( Ohhhhhh, I see now (your log) - Darn this is a real bummer! Well @ least with a VPN you will then be allowed to use RDP, instead of using a 3rd party thing like TeamViewer which is expensive and has some issues. Never tried to setup plain OpenVPN (altho I used to run plain Tor, before it became a browser, and it was pretty easy to setup) - I use a paid VPN that comes with a nice UI sitting above OpenVPN; keeps things simple. Good luck! Best Regards, -- ! _\|/_ Sylvain / ! (o o) Memberavid-Suzuki-Fdn/EFF/Red+Cross/SPCA/Planetary-Society oO-( )-Oo How do you tell when you run out of invisible ink? |
#19
|
|||
|
|||
remote desktop replacement?
On 02/10/2017 07:49 PM, B00ze wrote:
On 2017-02-09 22:30, T wrote: Hi B00ze, If you disable 3DES, Remote Desktop stops working. 3DES (SUGAR32) haunts TLS 1.0, 1.1, and 1.2. See below. I can't win. :'( Ohhhhhh, I see now (your log) - Darn this is a real bummer! Well @ least with a VPN you will then be allowed to use RDP, instead of using a 3rd party thing like TeamViewer which is expensive and has some issues. Never tried to setup plain OpenVPN (altho I used to run plain Tor, before it became a browser, and it was pretty easy to setup) - I use a paid VPN that comes with a nice UI sitting above OpenVPN; keeps things simple. Good luck! Best Regards, I finally figure out how harden rdp. I posted my solution in the original thread. editorial comment AAAAAAAAAHHHHHHH!!!!!!!!!! /editorial comment |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|