Bug 1166571

Summary: Problem in connecting to MS Win 2008R2 using freerdp after crypto-policies update
Product: [Fedora] Fedora Reporter: piio <bugzilla>
Component: crypto-policiesAssignee: Nikos Mavrogiannopoulos <nmavrogi>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: nmavrogi, wgianopoulos
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-11-24 10:12:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1166526, 1220679    
Bug Blocks:    

Description piio 2014-11-21 09:18:14 UTC 
Description of problem:
After update to crypto-policies-20141119-1.gitbe6fb4f.fc22.noarch I can't connect to MS Win 2008R2 servers using NLA using freerdp and remmina with error protocol security negotiation or connection failure, freerdp_set_last_error 0x20008
Error: protocol security negotiation or connection failure
Reverting back to crypto-policies-20140905-1.git4649b7d.fc22.noarch resolves problem.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Nikos Mavrogiannopoulos 2014-11-21 10:32:05 UTC 
This is because that change disables SSL 3.0. Can't these servers use TLS 1.0 or later?
Comment 2 Nikos Mavrogiannopoulos 2014-11-21 13:51:48 UTC 
*** Bug 1166686 has been marked as a duplicate of this bug. ***
Comment 3 Bill Gianopoulos 2014-11-21 17:36:42 UTC 
(In reply to Nikos Mavrogiannopoulos from comment #1)
> This is because that change disables SSL 3.0. Can't these servers use TLS
> 1.0 or later?

Well, even if it is possible to somehow change things on the Windows side to make this work, unless that change gets pushed via Windows update, that is still going to make this look very broken for many users.
Comment 4 Nikos Mavrogiannopoulos 2014-11-24 10:12:08 UTC 
I've reverted the SSL 3.0 prohibition until there is some change request to disable it globally. Then we see how such programs can work around it.
Comment 5 Bill Gianopoulos 2014-12-20 18:08:31 UTC 
This appears to have been fixed by a subsequent update to freerdp-libs.