Details
Bug
Status: Closed
Major
Resolution: Fixed
Description
RDP connections established when guacd is running on a FIPS-enabled server do not work with the NLA security method.
This appears to be due to FIPS-compatible ciphers not being implemented when using NLA security mode.
For more information, see the following bug report: https://github.com/FreeRDP/FreeRDP/issues/5746
It seems like this issue might possibly have been fixed in FreeRDP master in [this PR|https://github.com/FreeRDP/FreeRDP/pull/7934], but the changes are unreleased (and involve a major version bump to FreeRDP 3), so it's unlikely that we'll be able to use that fix, assuming it works, until Guacamole is fully migrated to a released version of FreeRDP 3.
For now, we should probably just explicitly disable the NLA mode on the Guacamole side if FIPS is enabled, logging a warning if needed.
Related: GUACAMOLE-1669
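
One way to express the workaround proposed above, as an added sketch that is not guacd's or FreeRDP's code. The `sec_mode` enum, the `sec_policy` struct and both function names are hypothetical, FIPS detection is assumed to use the Linux `/proc/sys/crypto/fips_enabled` flag, and refusing an explicit NLA request instead of silently downgrading it is an assumption of this example.

```c
#include <stdio.h>

/* Hypothetical security-mode names for this sketch (not guacd's own enum). */
typedef enum { SEC_ANY, SEC_NLA, SEC_TLS, SEC_RDP } sec_mode;

typedef struct {
    int nla_allowed, tls_allowed, rdp_allowed; /* methods offered in negotiation */
    int usable;          /* 0 if the requested mode cannot be honoured */
    const char* warning; /* message to log, or NULL if nothing to report */
} sec_policy;

/* Returns 1 if the flag file starts with '1', 0 otherwise (also if absent). */
int fips_enabled(const char* path) {
    FILE* f = fopen(path, "r");
    if (f == NULL)
        return 0;
    int c = fgetc(f);
    fclose(f);
    return c == '1';
}

/* Removes NLA from the offered methods whenever FIPS mode is active. */
sec_policy select_security(sec_mode requested, int fips) {
    sec_policy p = { 0, 0, 0, 1, NULL };
    switch (requested) {
        case SEC_NLA: p.nla_allowed = 1; break;
        case SEC_TLS: p.tls_allowed = 1; break;
        case SEC_RDP: p.rdp_allowed = 1; break;
        case SEC_ANY: p.nla_allowed = p.tls_allowed = p.rdp_allowed = 1; break;
    }
    if (fips && p.nla_allowed) {
        p.nla_allowed = 0;
        p.warning = "FIPS mode is enabled; NLA security has been disabled";
        /* Assumption: an explicit NLA request fails closed, so the session
         * is never silently moved to a method without NLA's pre-auth. */
        if (requested == SEC_NLA)
            p.usable = 0;
    }
    return p;
}

int main(void) {
    int fips = fips_enabled("/proc/sys/crypto/fips_enabled");
    sec_policy p = select_security(SEC_ANY, fips);
    printf("fips=%d nla=%d tls=%d rdp=%d usable=%d\n",
           fips, p.nla_allowed, p.tls_allowed, p.rdp_allowed, p.usable);
    if (p.warning != NULL)
        fprintf(stderr, "WARNING: %s\n", p.warning);
    return 0;
}
```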