summaryrefslogtreecommitdiffstats
path: root/webclients/ssl/README
blob: b244cf1fcca374eb390bb18e5d6c3af3f97c14bf (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
This directory contains a patched Java applet VNC viewer that is SSL
enabled.

The patches in the *.patch files are relative to the source tarball:

	tightvnc-1.3dev7_javasrc.tar.gz  

currently (4/06) available here:

   http://prdownloads.sourceforge.net/vnc-tight/tightvnc-1.3dev7_javasrc.tar.gz?download

It also includes some simple patches to:

	- fix richcursor colors

	- make the Java Applet cursor (not the cursor drawn to the canvas
	  framebuffer) invisible when it is inside the canvas.

	- allow Tab (and some other) keystrokes to be sent to the vnc
	  server instead of doing widget traversal.


This SSL applet should work with any VNC viewer that has an SSL tunnel in
front of it.  It has been tested on x11vnc and using the stunnel tunnel
to other VNC servers.

By default this Vnc Viewer will only do SSL.  To do unencrypted traffic
see the "DisableSSL" applet parameter (e.g. set it to Yes in index.vnc).

Proxies: they are a general problem with java socket applets (a socket
connection does not go through the proxy).  See the info in the proxy.vnc
file for a workaround.  It uses SignedVncViewer.jar which is simply
a signed version of VncViewer.jar.  The basic idea is the user clicks
"Yes" to trust the applet and then it can connect directly to the proxy
and issue a CONNECT request.

This applet has been tested on versions 1.4.2 and 1.5.0 of the Sun
Java plugin.  It may not work on older releases or different vendor VM's.
Send full Java Console output for failures.

---------------------------------------------------------------
Tips:

When doing single-port proxy connections (e.g. both VNC and HTTPS
thru port 5900) it helps to move through the 'do you trust this site'
dialogs quickly.   x11vnc has to wait to see if the traffic is VNC or
HTTP and this can cause timeouts if you don't move thru them quickly.

You may have to restart your browser completely if it gets into a
weird state.  For one case we saw the JVM requesting VncViewer.class
even when no such file exists.


---------------------------------------------------------------
Extras:

ss_vncviewer (not Java):

        Wrapper script for native VNC viewer to connect to x11vnc in
        SSL mode.  Script launches stunnel(8) and then connects to it
        via localhost which in turn is then redirected to x11vnc via an
        SSL tunnel.  stunnel(8) must be installed and available in PATH.


Running Java SSL VncViewer from the command line:

	From this directory:

	java -cp ./VncViewer.jar VncViewer HOST <thehost> PORT <theport>

	substitute <thehost> and <theport> with the actual values.
	You can add any other parameters, e.g.: ignoreProxy yes

---------------------------------------------------------------
UltraVNC:

The UltraVNC java viewer has also been patched to support SSL.  Various
bugs in the UltraVNC java viewer were also fixed.  This viewer can be
useful because is support UltraVNC filetransfer, and so it works on
Unix, etc.

UltraViewerSSL.jar
SignedUltraViewerSSL.jar
ultra.vnc
ultraproxy.vnc
ultravnc-102-JavaViewer-ssl-etc.patch

---------------------------------------------------------------
Applet Parameters:

Some additional applet parameters can be set via the URL, e.g.

	http://host:5800/?param=value
	http://host:5800/ultra.vnc?param=value
	https://host:5900/ultra.vnc?param=value

etc.  If running java from command line as show above, it comes
in as java ... VncViewer param value ... 

There is a limitation with libvncserver that param and value can
only be alphanumeric, underscore, "+" (for space), or "."

We have added some applet parameters to the stock VNC java
viewers.  Here are the applet parameters:

Both TightVNC and UltraVNC Java viewers:

  HOST
	string, default: none.
	The Hostname to connect to.
	
  PORT
	number, default: 0
	The VNC server port to connect to.

  Open New Window
	yes/no, default: no
	Run applet in separate frame.

  Show Controls
	yes/no, default: yes
	Show Controls button panel.

  Show Offline Desktop
	yes/no, default: no
	Do we continue showing desktop on remote disconnect?

  Defer screen updates
	number, default: 20
	Milliseconds delay

  Defer cursor updates
	number, default: 10
	Milliseconds delay

  Defer update requests
	number, default: 50
	Milliseconds delay

  PASSWORD
	string, default: none
	VNC session password in plain text.

  ENCPASSWORD
	string, default: none
	VNC session password in encrypted in DES with KNOWN FIXED
	key.  It is a hex string.  This is like the ~/.vnc/passwd format.
  
  
  The following are added by x11vnc and/or ssvnc project
  
  VNCSERVERPORT
	number, default: 0
	Like PORT, but if there is a firewall this is the Actual VNC
	server port.  PORT might be a redir port on the firewall.

  DisableSSL
	yes/no, default: no
	Do unencrypted connection, no SSL. 

  httpsPort
	number, default: none
	When checking for proxy, use this at the url port number.

  CONNECT
	string, default: none
	Sets to host:port for the CONNECT line to a Web proxy. 
	The Web proxy should connect us to it.

  GET
	yes/no, default: no
	Set to do a special HTTP GET (/request.https.vnc.connection)
	to the vnc server that will cause it to switch to VNC instead.
	This is to speedup/make more robust, the single port HTTPS and VNC
	mode of x11vnc (e.g. both services thru port 5900, etc) 
	
  urlPrefix
	string, default: none
	set to a string that will be prefixed to all URL's when contacting
	the VNC server.  Idea is a special proxy will use this to indicate
	internal hostname, etc.

  oneTimeKey
	string, default: none
	set a special hex "key" to correspond to an SSL X.509 cert+key.
	See the 'onetimekey' helper script.  Can also be PROMPT to prompt
	the user to paste the hex key string in.

	This provides a Client-Side cert+key that the client will use to
	authenticate itself by SSL To the VNC Server.

	This is to try to work around the problem that the Java applet
	cannot keep an SSL keystore on disk, etc.  E.g. if they log
	into an HTTPS website via password they are authenticated and
	encrypted, then the website can safely put oneTimeKey=... on the
	URL.  The Vncviewer authenticates the VNC server with this key.

	Note that there is currently a problem in that if x11vnc requires
	Client Certificates the user cannot download the index.vnc HTML
	and VncViewer.jar from the same x11vnc.  Those need to come from
	a different x11vnc or from a web server.

	Note that the HTTPS website can also put the VNC Password
	(e.g. a temporary/one-time one) in the parameter PASSWORD.
	The Java Applet will automatically supply this VNC password
	instead of prompting.

  serverCert
	string, default: none
	set a special hex "cert" to correspond to an SSL X.509 cert
	See the 'onetimekey -certonly' helper script.

	This provides a Server-Side cert that the client will authenticate
	the VNC Server against by SSL.

	This is to try to work around the problem that the Java applet
	cannot keep an SSL keystore on disk, etc.  E.g. if they log
	into an HTTPS website via password they are authenticated and
	encrypted, then the website can safely put serverCert=... on the
	URL.

	Of course the VNC Server is sending this string to the Java
	Applet, so this is only reasonable security if the VNC Viewer
	already trusts the HTTPS retrieval of the URL + serverCert param
	that it gets.  This should be done over HTTPS not HTTP.

  proxyHost
	string, default: none
	Do not try to guess the proxy's hostname, use the value in
	proxyHost.  Does not imply forceProxy (below.)

  proxyPort
	string, default: none
	Do not try to guess the proxy's port number, use the value in
	proxyPort.  Does not imply forceProxy (below.)

  forceProxy
	yes/no, default: no
	Assume there is a proxy and force its use.

	If a string other than "yes" or "no" is given, it implies "yes"
	and uses the string for proxyHost and proxyPort (see above).
	In this case the string must be of the form "hostname+port".
	Note that it is "+" and not ":" before the port number.

  ignoreProxy
	yes/no, default: no
	Don't check for a proxy, assume there is none.

  trustAllVncCerts
	yes/no, default: no
	Automatically trust any cert received from the VNC server
	(obviously this could be dangerous and lead to man in the
	middle attack).  Do not ask the user to verify any of these
	certs from the VNC server.

  trustUrlVncCert
	yes/no, default: no
	Automatically trust any cert that the web browsers has accepted.
	E.g. the user said "Yes" or "Continue" to a web browser dialog
	regarding a certificate.  If we get the same cert (chain) from
	the VNC server we trust it without prompting the user.

  debugCerts
	yes/no, default: no
	Print out every cert in the Server, TrustUrl, TrustAll chains.


TightVNC Java viewer only:

  Offer Relogin
	yes/no, default: yes
	"Offer Relogin" set to "No" disables "Login again" 

  SocketFactory
	string, default: none
	set Java Socket class factory.

UltraVNC Java viewer only:

  None.

  The following are added by x11vnc and/or ssvnc project
  
  ftpDropDown
	string, default: none
	Sets the file transfer "drives" dropdown to the "." separated
	list.  Use "+" for space. The default is

		My+Documents.Desktop.Home

	for 3 entries in the dropdown in addition to the "drives"
	(e.g. C:\)  These items should be expanded properly by the VNC
	Server.  x11vnc will prepend $HOME to them, which is normally
	what one wants.  To include a "/" use "_2F_".  Another example:

		Home.Desktop.bin_2F_linux

	If an item is prefixed with "TOP_" then the item is inserted at
	the top of the drop down rather than being appended to the end.
	E.g. to try to initially load the user homedir instead of /:

		TOP_Home.My+Documents.Desktop

	If ftpDropDown is set to the empty string, "", then no special
	locations, [Desktop] etc., are placed in the drop down.  Only the
	ultravnc "drives" will appear.

  ftpOnly
	yes/no, default: no
	The VNC viewer only shows the filetransfer panel, no desktop
	is displayed.

  graftFtp
	yes/no, default: no
	As ftpOnly, the VNC viewer only shows the filetransfer panel,
	no desktop is displayed, however it is "grafted" onto an existing
	SSVNC unix vncviewer.  The special SSVNC vncviewer merges the two
	channels.

  dsmActive
	yes/no, default: no
	Special usage mode with the SSVNC unix vncviewer.  The UltraVNC
	DSM encryption is active.  Foolishly, UltraVNC DSM encryption
	*MODIFIES* the VNC protocol when active (it is not a pure tunnel).
	This option indicates to modify the VNC protocol to make this work. 
	Usually only used with graftFtp and SSVNC unix vncviewer.

  delayAuthPanel
	yes/no, default: no
	This is another special usage mode with the SSVNC unix vncviewer.
	A login panel is delayed (not shown at startup.)  Could be useful
	for non SSVNC usage too.

  ignoreMSLogonCheck
	yes/no, default: no
	Similar to delayAuthPanel, do not put up a popup asking for
	Windows username, etc.