diff --git a/libfreerdp/core/connection.c b/libfreerdp/core/connection.c
index d8db0b1ed..bb999e155 100644
--- a/libfreerdp/core/connection.c
+++ b/libfreerdp/core/connection.c
@@ -1384,15 +1384,15 @@ BOOL rdp_server_accept_nego(rdpRdp* rdp, wStream* s)
 return FALSE;
 RequestedProtocols = nego_get_requested_protocols(nego);
- WLog_INFO(TAG, "Client Security: RDSTLS:%d NLA:%d TLS:%d RDP:%d",
- (RequestedProtocols & PROTOCOL_RDSTLS) ? 1 : 0,
- (RequestedProtocols & PROTOCOL_HYBRID) ? 1 : 0,
- (RequestedProtocols & PROTOCOL_SSL) ? 1 : 0,
- (RequestedProtocols == PROTOCOL_RDP) ? 1 : 0);
- WLog_INFO(TAG,
- "Server Security: RDSTLS:%" PRId32 " NLA:%" PRId32 " TLS:%" PRId32 " RDP:%" PRId32 "",
- settings->RdstlsSecurity, settings->NlaSecurity, settings->TlsSecurity,
- settings->RdpSecurity);
+ WLog_DBG(TAG, "Client Security: RDSTLS:%d NLA:%d TLS:%d RDP:%d",
+ (RequestedProtocols & PROTOCOL_RDSTLS) ? 1 : 0,
+ (RequestedProtocols & PROTOCOL_HYBRID) ? 1 : 0,
+ (RequestedProtocols & PROTOCOL_SSL) ? 1 : 0,
+ (RequestedProtocols == PROTOCOL_RDP) ? 1 : 0);
+ WLog_DBG(TAG,
+ "Server Security: RDSTLS:%" PRId32 " NLA:%" PRId32 " TLS:%" PRId32 " RDP:%" PRId32 "",
+ settings->RdstlsSecurity, settings->NlaSecurity, settings->TlsSecurity,
+ settings->RdpSecurity);
 if ((settings->RdstlsSecurity) && (RequestedProtocols & PROTOCOL_RDSTLS))
 {
@@ -1442,11 +1442,11 @@ BOOL rdp_server_accept_nego(rdpRdp* rdp, wStream* s)
 if (!(SelectedProtocol & PROTOCOL_FAILED_NEGO))
 {
- WLog_INFO(TAG, "Negotiated Security: RDSTLS:%d NLA:%d TLS:%d RDP:%d",
- (SelectedProtocol & PROTOCOL_RDSTLS) ? 1 : 0,
- (SelectedProtocol & PROTOCOL_HYBRID) ? 1 : 0,
- (SelectedProtocol & PROTOCOL_SSL) ? 1 : 0,
- (SelectedProtocol == PROTOCOL_RDP) ? 1 : 0);
+ WLog_DBG(TAG, "Negotiated Security: RDSTLS:%d NLA:%d TLS:%d RDP:%d",
+ (SelectedProtocol & PROTOCOL_RDSTLS) ? 1 : 0,
+ (SelectedProtocol & PROTOCOL_HYBRID) ? 1 : 0,
+ (SelectedProtocol & PROTOCOL_SSL) ? 1 : 0,
+ (SelectedProtocol == PROTOCOL_RDP) ? 1 : 0);
 }
 if (!nego_set_selected_protocol(nego, SelectedProtocol))
@@ -1491,8 +1491,8 @@ BOOL rdp_server_accept_mcs_connect_initial(rdpRdp* rdp, wStream* s)
 if (!mcs_server_apply_to_settings(mcs, rdp->settings))
 return FALSE;
- WLog_INFO(TAG, "Accepted client: %s", rdp->settings->ClientHostname);
- WLog_INFO(TAG, "Accepted channels:");
+ WLog_DBG(TAG, "Accepted client: %s", rdp->settings->ClientHostname);
+ WLog_DBG(TAG, "Accepted channels:");
 WINPR_ASSERT(mcs->channels || (mcs->channelCount == 0));
 for (UINT32 i = 0; i < mcs->channelCount; i++)
@@ -1500,7 +1500,7 @@ BOOL rdp_server_accept_mcs_connect_initial(rdpRdp* rdp, wStream* s)
 ADDIN_ARGV* arg;
 rdpMcsChannel* cur = &mcs->channels[i];
 const char* params[1] = { cur->Name };
- WLog_INFO(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
+ WLog_DBG(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
 arg = freerdp_addin_argv_new(ARRAYSIZE(params), params);
 if (!arg)
 return FALSE;
diff --git a/libfreerdp/core/gcc.c b/libfreerdp/core/gcc.c
index 82fd751c5..06d16458b 100644
--- a/libfreerdp/core/gcc.c
+++ b/libfreerdp/core/gcc.c
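Review bot: With the `Negotiated Security` line in rdp_server_accept_nego moved to `WLog_DBG`, a server logging above debug level no longer records which security protocol a session ended up with, so a connection that lands on standard RDP security (`SelectedProtocol == PROTOCOL_RDP`) leaves no trace in the log. The requested/offered lines in the previous hunk are reasonable debug detail, but the negotiated outcome is what an operator reviews to spot legacy-protocol sessions. I would keep one line above debug for that case, e.g. `if (SelectedProtocol == PROTOCOL_RDP) WLog_WARN(TAG, "Negotiated legacy RDP security");`, inside the existing `!(SelectedProtocol & PROTOCOL_FAILED_NEGO)` block. The function body starts and ends outside the hunk.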
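Review bot: `rdp->settings->ClientHostname` in rdp_server_accept_mcs_connect_initial is formatted with `%s` directly after `mcs_server_apply_to_settings`, so it is presumably a value the connecting client supplied, and nothing visible in the hunk checks it for NULL or strips control characters before it reaches the log. Demoting the line to `WLog_DBG` makes the line appear less often but does not change how the value is handled. A comment such as `/* ClientHostname is peer-supplied: treat as untrusted in log output */` above the call would document this; `cur->Name` in the following hunk looks like the same kind of value. The function continues outside the hunk.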
@@ -1737,35 +1737,37 @@ BOOL gcc_write_server_security_data(wStream* s, rdpMcs* mcs)
 /* TLS/NLA is used: disable rdp style encryption */
 settings->EncryptionLevel = ENCRYPTION_LEVEL_NONE;
 }
-
- /* verify server encryption level value */
- switch (settings->EncryptionLevel)
+ else
 {
- case ENCRYPTION_LEVEL_NONE:
- WLog_INFO(TAG, "Active rdp encryption level: NONE");
- break;
+ /* verify server encryption level value */
+ switch (settings->EncryptionLevel)
+ {
+ case ENCRYPTION_LEVEL_NONE:
+ WLog_INFO(TAG, "Active rdp encryption level: NONE");
+ break;
- case ENCRYPTION_LEVEL_FIPS:
- WLog_INFO(TAG, "Active rdp encryption level: FIPS Compliant");
- break;
+ case ENCRYPTION_LEVEL_FIPS:
+ WLog_INFO(TAG, "Active rdp encryption level: FIPS Compliant");
+ break;
- case ENCRYPTION_LEVEL_HIGH:
- WLog_INFO(TAG, "Active rdp encryption level: HIGH");
- break;
+ case ENCRYPTION_LEVEL_HIGH:
+ WLog_INFO(TAG, "Active rdp encryption level: HIGH");
+ break;
- case ENCRYPTION_LEVEL_LOW:
- WLog_INFO(TAG, "Active rdp encryption level: LOW");
- break;
+ case ENCRYPTION_LEVEL_LOW:
+ WLog_INFO(TAG, "Active rdp encryption level: LOW");
+ break;
- case ENCRYPTION_LEVEL_CLIENT_COMPATIBLE:
- WLog_INFO(TAG, "Active rdp encryption level: CLIENT-COMPATIBLE");
- break;
+ case ENCRYPTION_LEVEL_CLIENT_COMPATIBLE:
+ WLog_INFO(TAG, "Active rdp encryption level: CLIENT-COMPATIBLE");
+ break;
- default:
- WLog_ERR(TAG, "Invalid server encryption level 0x%08" PRIX32 "",
- settings->EncryptionLevel);
- WLog_ERR(TAG, "Switching to encryption level CLIENT-COMPATIBLE");
- settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
+ default:
+ WLog_ERR(TAG, "Invalid server encryption level 0x%08" PRIX32 "",
+ settings->EncryptionLevel);
+ WLog_ERR(TAG, "Switching to encryption level CLIENT-COMPATIBLE");
+ settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
+ }
 }
 /* choose rdp encryption method based on server level and client methods */
@@ -1825,31 +1827,34 @@ BOOL gcc_write_server_security_data(wStream* s, rdpMcs* mcs)
 }
 /* log selected encryption method */
- switch (settings->EncryptionMethods)
+ if (settings->UseRdpSecurityLayer)
 {
- case ENCRYPTION_METHOD_NONE:
- WLog_INFO(TAG, "Selected rdp encryption method: NONE");
- break;
+ switch (settings->EncryptionMethods)
+ {
+ case ENCRYPTION_METHOD_NONE:
+ WLog_INFO(TAG, "Selected rdp encryption method: NONE");
+ break;
- case ENCRYPTION_METHOD_40BIT:
- WLog_INFO(TAG, "Selected rdp encryption method: 40BIT");
- break;
+ case ENCRYPTION_METHOD_40BIT:
+ WLog_INFO(TAG, "Selected rdp encryption method: 40BIT");
+ break;
- case ENCRYPTION_METHOD_56BIT:
- WLog_INFO(TAG, "Selected rdp encryption method: 56BIT");
- break;
+ case ENCRYPTION_METHOD_56BIT:
+ WLog_INFO(TAG, "Selected rdp encryption method: 56BIT");
+ break;
- case ENCRYPTION_METHOD_128BIT:
- WLog_INFO(TAG, "Selected rdp encryption method: 128BIT");
- break;
+ case ENCRYPTION_METHOD_128BIT:
+ WLog_INFO(TAG, "Selected rdp encryption method: 128BIT");
+ break;
- case ENCRYPTION_METHOD_FIPS:
- WLog_INFO(TAG, "Selected rdp encryption method: FIPS");
- break;
+ case ENCRYPTION_METHOD_FIPS:
+ WLog_INFO(TAG, "Selected rdp encryption method: FIPS");
+ break;
- default:
- WLog_ERR(TAG, "internal error: unknown encryption method");
- return FALSE;
+ default:
+ WLog_ERR(TAG, "internal error: unknown encryption method");
+ return FALSE;
+ }
 }
 const size_t posHeader = Stream_GetPosition(s);
diff --git a/libfreerdp/core/peer.c b/libfreerdp/core/peer.c
index fc4890eff..fbeda7a72 100644
--- a/libfreerdp/core/peer.c
+++ b/libfreerdp/core/peer.c
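Review bot: Wrapping the whole switch in `if (settings->UseRdpSecurityLayer)` also skips its `default:` branch, which was the only place visible here that rejects an unexpected `settings->EncryptionMethods` value with `return FALSE`; when the flag is false the function now goes on to write the security data without that check. Whether the selection code above the hunk can leave such a value is not visible, so I would keep the validation unconditional and gate only the log line, as sketched below. The earlier hunk in this file suppresses the level logging through the `else` of a different condition (its `if` is outside that hunk), so the two log blocks may not be silenced under the same circumstances; worth confirming that is intended. The function body starts and ends outside the hunk.

```c
	/* validate the selected encryption method; log it only for the rdp security layer */
	const char* method = NULL;

	switch (settings->EncryptionMethods)
	{
		case ENCRYPTION_METHOD_NONE:
			method = "NONE";
			break;

		case ENCRYPTION_METHOD_40BIT:
			method = "40BIT";
			break;

		case ENCRYPTION_METHOD_56BIT:
			method = "56BIT";
			break;

		case ENCRYPTION_METHOD_128BIT:
			method = "128BIT";
			break;

		case ENCRYPTION_METHOD_FIPS:
			method = "FIPS";
			break;

		default:
			WLog_ERR(TAG, "internal error: unknown encryption method");
			return FALSE;
	}

	if (settings->UseRdpSecurityLayer)
		WLog_INFO(TAG, "Selected rdp encryption method: %s", method);
```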
@@ -256,13 +256,18 @@ static BOOL freerdp_peer_initialize(freerdp_peer* client)
 return FALSE;
 }
- if (!freerdp_certificate_is_rdp_security_compatible(cert))
+ if (freerdp_settings_get_bool(settings, FreeRDP_RdpSecurity))
 {
- if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity, FALSE))
- return FALSE;
- if (!freerdp_settings_set_bool(settings, FreeRDP_UseRdpSecurityLayer, FALSE))
- return FALSE;
+
+ if (!freerdp_certificate_is_rdp_security_compatible(cert))
+ {
+ if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity, FALSE))
+ return FALSE;
+ if (!freerdp_settings_set_bool(settings, FreeRDP_UseRdpSecurityLayer, FALSE))
+ return FALSE;
+ }
 }
+
 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_INITIAL))
 return FALSE;
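Review bot: The certificate fallback in freerdp_peer_initialize now runs only when `FreeRDP_RdpSecurity` is set, so with `FreeRDP_RdpSecurity` false and `FreeRDP_UseRdpSecurityLayer` true a certificate that is not RDP-security compatible no longer forces `FreeRDP_UseRdpSecurityLayer` to FALSE, which the old code did unconditionally. Whether that combination can reach this point is not visible in the hunk; if it can, the outer test should cover both settings: `if (freerdp_settings_get_bool(settings, FreeRDP_RdpSecurity) || freerdp_settings_get_bool(settings, FreeRDP_UseRdpSecurityLayer))`. The fallback also switches RDP security off without logging, so a `WLog_WARN` in the inner block would tell the operator why the configured protocol is not offered. On style, the empty line added directly after the opening `{` can go. The function starts and ends outside the hunk.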