summaryrefslogtreecommitdiffstats
path: root/classes/ssl/README
blob: 884e34af944e89639077471b2db8c38b1fa683e3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
This directory contains a patched Java applet VNC viewer that is SSL
enabled.

The patches in the *.patch files are relative to the source tarball:

	tightvnc-1.3dev7_javasrc.tar.gz  

currently (4/06) available here:

   http://prdownloads.sourceforge.net/vnc-tight/tightvnc-1.3dev7_javasrc.tar.gz?download

It also includes some simple patches to:

	- fix richcursor colors

	- make the Java Applet cursor (not the cursor drawn to the canvas
	  framebuffer) invisible when it is inside the canvas.

	- allow Tab (and some other) keystrokes to be sent to the vnc
	  server instead of doing widget traversal.


This SSL applet should work with any VNC viewer that has an SSL tunnel in
front of it.  It has been tested on x11vnc and using the stunnel tunnel
to other VNC servers.

By default this Vnc Viewer will only do SSL.  To do unencrypted traffic
see the "DisableSSL" applet parameter (e.g. set it to Yes in index.vnc).

Proxies: they are a general problem with java socket applets (a socket
connection does not go through the proxy).  See the info in the proxy.vnc
file for a workaround.  It uses SignedVncViewer.jar which is simply
a signed version of VncViewer.jar.  The basic idea is the user clicks
"Yes" to trust the applet and then it can connect directly to the proxy
and issue a CONNECT request.

This applet has been tested on versions 1.4.2 and 1.5.0 of the Sun
Java plugin.  It may not work on older releases or different vendor VM's.
Send full Java Console output for failures.

---------------------------------------------------------------
Tips:

When doing single-port proxy connections (e.g. both VNC and HTTPS
thru port 5900) it helps to move through the 'do you trust this site'
dialogs quickly.   x11vnc has to wait to see if the traffic is VNC or
HTTP and this can cause timeouts if you don't move thru them quickly.

You may have to restart your browser completely if it gets into a
weird state.  For one case we saw the JVM requesting VncViewer.class
even when no such file exists.


---------------------------------------------------------------
Extras:

ssl_vncviewer (not Java):

        Wrapper script for native VNC viewer to connect to x11vnc in
        SSL mode.  Script launches stunnel(8) and then connects to it
        via localhost which in turn is then redirected to x11vnc via an
        SSL tunnel.  stunnel(8) must be installed and available in PATH.


Running Java SSL VncViewer from the command line:

	From this directory:

	java -cp ./VncViewer.jar VncViewer HOST <thehost> PORT <theport>

	substitute <thehost> and <theport> with the actual values.