Description of problem: This patch (http://pkgs.fedoraproject.org/cgit/rpms/libvncserver.git/tree/LibVNCServer-0.9.10-system-crypto-policy.patch) changes the TLS priority string but it leaves in +SRP which is not supported by Fedora's version of GnuTLS. GnuTLS rejects the priority string and the connection fails. Version-Release number of selected component (if applicable): 0.9.10, 0.9.11 How reproducible: Always. Steps to Reproduce: 1. Start a TigerVNCServer with x509vnc enabled 2. Try to connect using Remmina as client (which uses libvncserver's client) Actual results: Remmina fails with an authentication failed error, but looking through the debug output of Remmina and GnuTLS shows that the priority string is wrong: Remmina: [VNC]VNC server supports protocol version 3.8 (viewer 3.8) [VNC]We have 1 security types to read [VNC]0) Received security type 19 [VNC]Selecting security type 19 (0/1 in the list) [VNC]Selected Security Scheme 19 [VNC]GnuTLS initialized. [VNC]Got VeNCrypt version 0.2 from server. [VNC]We have 1 security types to read [VNC]0) Received security type 261 [VNC]Selecting security type 261 (0/1 in the list) [VNC]No client certificate or key provided. [VNC]No CRL provided. [VNC]TLS session initialized. [VNC]TLS handshake failed: No or insufficient priorities were set.. GNUTLS_DEBUG_LEVEL=99: gnutls[3]: ASSERT: extensions.c[_gnutls_get_extension]:65 gnutls[3]: ASSERT: extensions.c[_gnutls_get_extension]:65 gnutls[3]: ASSERT: mpi.c[_gnutls_x509_read_uint]:246 gnutls[5]: REC[0x7fc83805c530]: Allocating epoch #0 gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed gnutls[2]: resolved 'SYSTEM' to 'NONE:+AEAD:+SHA1:+SHA256:+SHA384:+SHA512:+CURVE-SECP256R1:+CURVE-SECP384R1:+CURVE-SECP521R1:+SIGN-ALL:-SIGN-RSA-MD5:+AES-256-GCM:+AES-256-CCM:+CHACHA20-POLY1305:+CAMELLIA-256-GCM:+AES-256-CBC:+CAMELLIA-256-CBC:+AES-128-GCM:+AES-128-CCM:+CAMELLIA-128-GCM:+AES-128-CBC:+CAMELLIA-128-CBC:+3DES-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+PSK:+DHE-PSK:+ECDHE-PSK:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-DTLS1.2:+VERS-DTLS1.0:+COMP-NULL:%PROFILE_LOW', next '' gnutls[2]: selected priority string: NONE:+AEAD:+SHA1:+SHA256:+SHA384:+SHA512:+CURVE-SECP256R1:+CURVE-SECP384R1:+CURVE-SECP521R1:+SIGN-ALL:-SIGN-RSA-MD5:+AES-256-GCM:+AES-256-CCM:+CHACHA20-POLY1305:+CAMELLIA-256-GCM:+AES-256-CBC:+CAMELLIA-256-CBC:+AES-128-GCM:+AES-128-CCM:+CAMELLIA-128-GCM:+AES-128-CBC:+CAMELLIA-128-CBC:+3DES-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+PSK:+DHE-PSK:+ECDHE-PSK:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-DTLS1.2:+VERS-DTLS1.0:+COMP-NULL:%PROFILE_LOW:+SRP gnutls[3]: ASSERT: priority.c[gnutls_priority_set_direct]:1497 gnutls[3]: ASSERT: handshake.c[gnutls_handshake]:2577 gnutls[5]: REC[0x7fc83805c530]: Start of epoch cleanup gnutls[5]: REC[0x7fc83805c530]: End of epoch cleanup gnutls[5]: REC[0x7fc83805c530]: Epoch #0 freed Expected results: Remmina should connect successfully. Additional info:
afaik it looks like this would affect 26 and rawhide as well.
libvncserver-0.9.11-2.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-6125002d79
libvncserver-0.9.11-2.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-0e08170fd3
libvncserver-0.9.11-2.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-dd5d2381e4
libvncserver-0.9.11-2.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-6125002d79
libvncserver-0.9.11-2.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-dd5d2381e4
libvncserver-0.9.11-2.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-0e08170fd3
libvncserver-0.9.11-2.fc25.1 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-0e08170fd3
libvncserver-0.9.11-2.fc24.1 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-dd5d2381e4
libvncserver-0.9.11-2.fc24.1 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-dd5d2381e4
libvncserver-0.9.11-2.fc25.1 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-0e08170fd3
Test case works for me now with libvncserver-0.9.11-2.fc25.1 and remmina-plugins-vnc-1.2.0-0.34.20170424git2c0a77e.fc25.x86_64.rpm from Fedora 25 testing repository.
libvncserver-0.9.11-2.fc24.1 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
libvncserver-0.9.11-2.fc25.1 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
libvncserver-0.9.11-2.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.