VirtualBox

source: vbox/trunk/doc/manual/en_US/dita/topics/vrde-crypt.dita@ 105293

Last change on this file since 105293 was 105134, checked in by vboxsync, 7 months ago

Docs: bugref:10705. This is a merge commit to introduce doc team's changes in the user manual dita files. The following files
are excluded from this process:

  • Files whose names satrt with "viso", "vboxmanage", "man_", "vboximg", "vboxheadless", or "user_isomakercmd-man".

And general notes about this merge are as follows:

  • For now I leave glossentry-*dita file as they are since we use different enclosing dita elements
  • in hdimagewrites.dita we have <note type="attention"> while doc team's copy has <note type="caution">. Not sure if this is significant.

For now I copy doc team's version over.

  • I have not modified our UserManual.ditamap file. This will be done in a follow up commit.

The list of commits we have merged are as follows:

r3392: 7.1 new features; add comments to some DITA topics
r3730: VBP-283: Update supported platforms; 7.0 and 7.1
r3980: 7.1: reset menu option; add note
r3992: ARM hosts; add draft topic on limitations; add container topic for ARM-based subtopics
r3993: ARM create new VM wizard: add some dummy topics
r4014: ER 34784410 DOCUMENT THE VIRTUAL MACHINE TASKBAR ICONS: port topic and icon graphics from 7.0 tree
r4026: VBP-378: status bar icons; remove any mention of task bar; ported from 7.0
r4034: Cloning a cloud VM; add draft topic
r4035: Cloning a cloud VM;typo
r4036: Cloning a cloud VM;add xref from intro topic
r4050: Reset operation; add instructions
r4051: Amend comment
r4052: Ditaval markup for images
r4056: Add ditaval markup for images
r4057: Add ditaval markup for images
r4058: Add ditaval markup for images
r4073: UI experience level: add dummy topic
r4075: Subtype: option for VM settings General tab and Create VM wizard
r4094: Cloud VM reset; add to relnotes
r4095: Reset VM; use main Machine menu, rather than right-click menu
r4099: ARM hosts; draft revisions to cover different wizard screens
r4134: Cloud VMs: file manager menu option; add comment
r4214: Settings page, Motherboard tab: Chipset option for Arm VMs; add note
r4306: Terminology checker: clear up Errors; Installation chapter
r4307: Terminology checker: clear up Errors; Config settings/GA chapters
r4308: Terminology checker: clear up Errors; Storage, networking, remote VM chapters
r4311: Terminology checker: clear up Errors: various
r4324: Prefences and settings; potential areas for change in 7.1
r4356: r160214: Monitoring cloud VM performance; add new topic
r4358: r160214: Monitoring cloud VM performance; add new topic
r4364: r160214: Monitoring cloud VM performance; redraft topic
r4374: Experience levels; update user manual topic
r4377: Experience levels; Preferences window: add note re. availability of all possible settings
r4378: Experience levels; Preferences window: add note re. availability of all possible settingsLp
r4379: Typos and add remark re. Global menu changes
r4387: Preferences, Display: some settings introduced post-7.0: font scaling and extended features
r4388: Performance monitoring: add cloud VM instances to intro para
r4389: Experience levels: selecting a level, add graphic of icon
r4391: Resource monitoring; add CLI example to show CPU usage for a cloud instance
r4395: Experience levels; apply to menu items only
r4398: Experience levels; add notes
r4401: Experience levels; remove pics of global tools menu/machine tools menu; number of menu items can vary
r4402: Experience levels; remove image files for global tools menu/machine tools menu
r4525: Experience levels: minor redraft
r4528: Typo
r4538: Experience levels: selected level applies throughout VirtualBox Manager GUI
r4543: GUI topics; add notes for required changes
r4544: VISO Creator changes
r4563: r160714: unattended guest install example; now has user-password option
r4569: Terminology: front end, not front-end
r4570: Arm wizard screens; remove, as Create VM Wizard will be very similar regardless of architecture
r4571: Arm wizard screens; remove, as Create VM Wizard will be very similar regardless of architecture
r4623: Cloud VM monitoring: Compute Instance Monitoring plugin must be enabled; add note
r4625: CPU activity icon; update, now has solid bar
r4626: GUI changes; various, from Serkan; includes new pic for soft keyboard
r4629: separate mode: add some draft topics, will need to get technical review at a later stage
r4634: GUI; various notes and updates
r4655: Typo
r4703: Arm host platform limitations; redraft and add topic to host OS section
r4724: VISO creator; add notes re. ISO import
r4725: Separate mode: edits
r4863: r161176; Python 2.x no longer supported for API
r4899: Arm host support: limitations
r4910: Create VM wizard: settings may vary x86 vs. Arm hosts
r4911: Guest OS support; add note re. supported aarch64 OSes
r4973: r161445: Remove mention of parallel port support
r5004: Cloud VM monitoring: detailed data graphs and Activity Overview
r5038: Cloud VM monitoring: export to file
r5214: r161947: Solaris non-Global zone configuration
r5215: r161947: Solaris non-Global zone configuration; typo
r5230: Glossary: fix title for I/O APIC topic
r5341: Experience levels; can be selected from welcome screen in VirtualBox Manager; need replacement pic
r5345: Experience levels; add note on Welcome screen option
r5346: Arm host limitations; unavailable System settings
r5434: r162377: shared folders; symlinks behaviour
r5565: Cloud VM list in VirtualBox Manager; show mixed VM types; screenshot from Klaus
r5627: Obfuscate UUID data in screen shot
r5628: Delete legacy cloudvm pic; use mixed VMs example
r5654: Clean up comments in source files; redraft VM activity section
r5672: 7.1 changes; add comments
r5683: 7.1 changes; add comments for Arm topics
r5687: 7.1 changes; GUI; add comments
r5703: Oracle notices; include up to date versions in preface-* topics for User Guide
r5707: r162904: Windows install directory requirements; redraft
r5781: updated GNU version from 2 to 3 as per r163272
r5812: started removal of screenshots and updating tasks VBP-807
r5818: Further updates to creating a VM VBP-807
r5822: Restructured topics and made task based VBP-807
r5824: Removed files during restructure VBP-807
r5834: Fixed formatting of note and caution VBP-807
r5836: Updated supported host OS list VBP-825
r5837: updated USB topics for VBP-823
r5842: changes as per legal request re supported guests VBP-843
r5853: Updated versions following review. VBP-825
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id Revision
File size: 5.3 KB
Line 
1<?xml version='1.0' encoding='UTF-8'?>
2<!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
3<topic xml:lang="en-us" id="vrde-crypt">
4 <title>RDP Encryption</title>
5
6 <body>
7 <p>
8 RDP features data stream encryption, which is based on the RC4
9 symmetric cipher, with keys up to 128-bit. The RC4 keys are
10 replaced at regular intervals, every 4096 packets.
11 </p>
12 <p>
13 RDP provides the following different authentication methods:
14 </p>
15 <ul>
16 <li>
17 <p><b outputclass="bold">RDP 4</b> authentication was
18 used historically. With RDP 4, the RDP client does not
19 perform any checks in order to verify the identity of the
20 server it connects to. Since user credentials can be
21 obtained using a man in the middle (MITM) attack, RDP4
22 authentication is insecure and should generally not be used.
23 </p>
24 </li>
25 <li>
26 <p><b outputclass="bold">RDP 5.1</b> authentication
27 employs a server certificate for which the client possesses
28 the public key. This way it is guaranteed that the server
29 possess the corresponding private key. However, as this
30 hard-coded private key became public some years ago, RDP 5.1
31 authentication is also insecure.
32 </p>
33 </li>
34 <li>
35 <p><b outputclass="bold">RDP 5.2 or later</b>
36 authentication uses Enhanced RDP Security, which means that
37 an external security protocol is used to secure the
38 connection. RDP 4 and RDP 5.1 use Standard RDP Security. The
39 VRDP server supports Enhanced RDP Security with TLS protocol
40 and, as a part of the TLS handshake, sends the server
41 certificate to the client.
42 </p>
43 <p> The <codeph>Security/Method</codeph> VRDE property sets the required security method,
44 which is used for a connection. Valid values are as follows: </p>
45 <ul>
46 <li>
47 <p><b outputclass="bold">Negotiate.</b> Both
48 Enhanced (TLS) and Standard RDP Security connections are
49 allowed. The security method is negotiated with the
50 client. This is the default setting.
51 </p>
52 </li>
53 <li>
54 <p><b outputclass="bold">RDP.</b> Only Standard RDP
55 Security is accepted.
56 </p>
57 </li>
58 <li>
59 <p><b outputclass="bold">TLS.</b> Only Enhanced RDP
60 Security is accepted. The client must support TLS.
61 </p>
62 <p>
63 The version of OpenSSL used by <ph conkeyref="vbox-conkeyref-phrases/product-name"/> supports
64 TLS versions 1.0, 1.1, 1.2, and 1.3.
65 </p>
66 </li>
67 </ul>
68 <p>
69 For example, the following command enables a client to use
70 either Standard or Enhanced RDP Security connection:
71 </p>
72 <pre xml:space="preserve">vboxmanage modifyvm <varname>VM-name</varname> --vrde-property "Security/Method=negotiate"</pre>
73 <p>
74 If the <codeph>Security/Method</codeph> property is set to
75 either Negotiate or TLS, the TLS protocol will be
76 automatically used by the server, if the client supports
77 TLS. However, in order to use TLS the server must possess
78 the Server Certificate, the Server Private Key and the
79 Certificate Authority (CA) Certificate. The following
80 example shows how to generate a server certificate.
81 </p>
82 <ol>
83 <li>
84 <p>
85 Create a CA self signed certificate.
86 </p>
87 <pre xml:space="preserve">openssl req -new -x509 -days 365 -extensions v3_ca \
88 -keyout ca_key_private.pem -out ca_cert.pem</pre>
89 </li>
90 <li>
91 <p>
92 Generate a server private key and a request for signing.
93 </p>
94 <pre xml:space="preserve">openssl genrsa -out server_key_private.pem
95openssl req -new -key server_key_private.pem -out server_req.pem</pre>
96 </li>
97 <li>
98 <p>
99 Generate the server certificate.
100 </p>
101 <pre xml:space="preserve">openssl x509 -req -days 365 -in server_req.pem \
102 -CA ca_cert.pem -CAkey ca_key_private.pem -set_serial 01 -out server_cert.pem</pre>
103 </li>
104 </ol>
105 <p>
106 The server must be configured to access the required files.
107 For example:
108 </p>
109 <pre xml:space="preserve">vboxmanage modifyvm <varname>VM-name</varname> \
110 --vrde-property "Security/CACertificate=path/ca_cert.pem"</pre>
111 <pre xml:space="preserve">vboxmanage modifyvm <varname>VM-name</varname> \
112 --vrde-property "Security/ServerCertificate=path/server_cert.pem"</pre>
113 <pre xml:space="preserve">vboxmanage modifyvm <varname>VM-name</varname> \
114 --vrde-property "Security/ServerPrivateKey=path/server_key_private.pem"</pre>
115 </li>
116 </ul>
117 <p>
118 As the client that connects to the server determines what type
119 of encryption will be used, with <userinput>rdesktop</userinput>,
120 the Linux RDP viewer, use the <codeph>-4</codeph> or
121 <codeph>-5</codeph> options.
122 </p>
123 </body>
124
125</topic>
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette