[stunnel-users] Using stunnel to RDP into a SSL-enabled Windows box

Dmitry Gromov gromovd at gmail.com
Tue May 11 08:59:16 CEST 2010


Hello.

On Mon, May 10, 2010 at 22:39, Daren Krive <daren.krive at gmail.com> wrote:
> Hi everyone,
>
> First of all I apologize if this has been asked before or if I am totally
> misunderstanding the purpose of stunnel altogether.  If so please bear with
> my ignorance.
>
> I am an IT consultant and I manage about 20+ Windows-based servers.  Some of
> these servers are accessible via VPN while others are accessible directly
> via RDP over the Internet.  For those that are exposed to the net I am using
> the SSL certificate feature of Remote Desktop by going into “Terminal
> Services Configuration” and configuring the connection to use an SSL (most
> of the time a self-signed cert).
>

Selecting SSL for the security layer is actually for authentication. Even
though Microsoft states that encryption is better, if you read their
article, you will see that the same encryption strength could be
configured without SSL (TLS) authentication.

> I can connect to these machines no problem from Windows and I get a “lock”
> icon in my RDP client.  However I cannot connect to these machines using
> rdesktop under Ubuntu.  I have determined that if I turn off the requirement
> to use SSL on the server side (and instead allow the connection to use the
> built-in encryption of RDP) then I am able to connect with rdesktop.
>

rdesktop did not support TLS authentication last time I checked. The
developer mentioned on their mailing list that this feature is not
used often, so no time is spent on implementing it.

> I would very much like to avoid rebooting just to connect to these servers.
> I am also not willing to remove the requirement for the SSL connection.
>
> Is there a way I can use stunnel on my Ubuntu box to first establish a
> secure SSL connection and then use rdesktop over that connection?
>
> I have searched high and low for info on this and found nothing.  I have
> found instructions on how to use the Windows version of stunnel to secure
> RDP but that isn’t what I am trying to do.  The server is already using an
> SSL cert to encrypt the connection (not sure how many people know Windows
> 2003 and up can do this).  I am looking to get around the apparent lack of
> SSL support in rdesktop.
>

I do not know if it is possible to use stunnel with RDP in this
configuration - it seems like Microsoft is not using SSL but RC4 56 or
128 bit or FIPS-compliant encryption...

I'd suggest you set Security layer to Negotiate - this way you will
have the most flexible configuration.

> Best regards,
> Daren.
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at mirt.net
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
>
>



-- 
DG
NJ
