Home
last modified time | relevance | path

Searched hist:"51941 e4695c6f6c1f786bacef7e8c3a477570e04" (Results 1 – 3 of 3) sorted by relevance

/qemu/ui/
H A Dvnc-ws.h51941e4695c6f6c1f786bacef7e8c3a477570e04 Tue Mar 17 13:42:58 UTC 2015 Daniel P. Berrange <berrange@redhat.com> ui: enforce TLS when using websockets server

When TLS is required, the primary VNC server considers it to be
mandatory. ie the server admin decides whether or not TLS is used,
and the client has to comply with this decision. The websockets
server, however, treated it as optional, allowing non-TLS clients
to connect to a server which had setup TLS. Thus enabling websockets
lowers the security of the VNC server leaving the admin no way to
enforce use of TLS.

This removes the code that allows non-TLS fallback in the websockets
server, so that if TLS is requested for VNC it is now mandatory for
both the primary VNC server and the websockets VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
H A Dvnc-ws.c51941e4695c6f6c1f786bacef7e8c3a477570e04 Tue Mar 17 13:42:58 UTC 2015 Daniel P. Berrange <berrange@redhat.com> ui: enforce TLS when using websockets server

When TLS is required, the primary VNC server considers it to be
mandatory. ie the server admin decides whether or not TLS is used,
and the client has to comply with this decision. The websockets
server, however, treated it as optional, allowing non-TLS clients
to connect to a server which had setup TLS. Thus enabling websockets
lowers the security of the VNC server leaving the admin no way to
enforce use of TLS.

This removes the code that allows non-TLS fallback in the websockets
server, so that if TLS is requested for VNC it is now mandatory for
both the primary VNC server and the websockets VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
H A Dvnc.c51941e4695c6f6c1f786bacef7e8c3a477570e04 Tue Mar 17 13:42:58 UTC 2015 Daniel P. Berrange <berrange@redhat.com> ui: enforce TLS when using websockets server

When TLS is required, the primary VNC server considers it to be
mandatory. ie the server admin decides whether or not TLS is used,
and the client has to comply with this decision. The websockets
server, however, treated it as optional, allowing non-TLS clients
to connect to a server which had setup TLS. Thus enabling websockets
lowers the security of the VNC server leaving the admin no way to
enforce use of TLS.

This removes the code that allows non-TLS fallback in the websockets
server, so that if TLS is requested for VNC it is now mandatory for
both the primary VNC server and the websockets VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>