By default, Vino requires insecure anonymous Diffie Hellman ciphers for encryption and is incompatible with Android 6+ devices

Bug #1615251 reported by Iordan Iordanov
This bug affects 6 people
Affects | Status | Importance | Assigned to | Milestone
vino | Unknown | Unknown | |
vino (Ubuntu) | Confirmed | Low | Unassigned |

Bug Description

Anonymous Diffie Hellman certificates do not provide identity verification (unlike x509 certificates). Therefore, while they provide link encryption, they do not guard against man-in-the-middle attacks. Google decided to drop support for these certificates in v6.0+ (API23):
https://developer.android.com/reference/javax/net/ssl/SSLEngine.html

This means that my application, bVNC (open-source VNC client for Android, https://play.google.com/store/apps/details?id=com.iiordanov.freebVNC), no longer works unless Vino's encryption requirement is disabled (e.g. with gsettings set org.gnome.Vino require-encryption false)!

This forces me to recommend other VNC clients - x11vnc or TigerVNC - for users that need to encrypt their VNC connections on Android 6+. For more background, see:

https://groups.google.com/forum/#!topic/bvnc-ardp-aspice-opaque-android-bb10-clients/lINJkYJbN-U

Both x11vnc and TigerVNC support VeNCrypt (with x509 certificates that support identity verification), and in my opinion, it is time for Vino, as the standard remote desktop solution for Ubuntu, to also consider supporting a modern encryption technique.

In addition to x509 certificates, VeNCrypt also supports authenticating with a user name and an arbitrary length password, which means that if Vino so chooses, it can also utilize PAM and allow users to connect to their desktop machine with their actual Ubuntu credentials.

Furthermore, if we want to get really fancy, this means that we could launch vino at start-up and even allow people to connect to their machine when nobody is logged in like Mac OS X permits with its VNC server.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: vino 3.8.1-0ubuntu9
ProcVersionSignature: Ubuntu 4.4.0-31.50-generic 4.4.13
Uname: Linux 4.4.0-31-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: XFCE
Date: Sat Aug 20 12:26:23 2016
InstallationDate: Installed on 2014-02-28 (903 days ago)
InstallationMedia: Ubuntu 12.04.4 LTS "Precise Pangolin" - Release amd64 (20140204)
SourcePackage: vino
UpgradeStatus: Upgraded to xenial on 2016-07-30 (21 days ago)
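
An added example, not part of the original report or of any project's code: a small parser that classifies the security types an RFB server offers, separating the anonymous-TLS modes the report describes from VeNCrypt's X.509 subtypes. It assumes Vino's encrypted mode is advertised as RFB security type 18 and uses the VeNCrypt 0.2 subtype numbering; the byte strings are constructed samples, not captures.

```python
import struct

# RFB security types. Assumption: 18 is the anonymous-TLS type used by Vino.
SECURITY_TYPES = {1: "None", 2: "VncAuth", 18: "TLS", 19: "VeNCrypt"}

# VeNCrypt subtypes: (name, server proves its identity with an X.509 cert).
VENCRYPT_SUBTYPES = {
    256: ("Plain", False),
    257: ("TLSNone", False), 258: ("TLSVnc", False), 259: ("TLSPlain", False),
    260: ("X509None", True), 261: ("X509Vnc", True), 262: ("X509Plain", True),
}

def parse_security_types(msg: bytes) -> list:
    """RFB 3.7/3.8: U8 count followed by `count` U8 security types."""
    if not msg:
        raise ValueError("empty security-type message")
    count = msg[0]
    if count == 0:
        raise ValueError("server refused the connection (count 0)")
    if len(msg) < 1 + count:
        raise ValueError("truncated security-type list")
    return list(msg[1:1 + count])

def parse_vencrypt_subtypes(msg: bytes) -> list:
    """VeNCrypt 0.2: U8 count followed by `count` big-endian U32 subtypes."""
    if not msg or len(msg) < 1 + 4 * msg[0]:
        raise ValueError("truncated VeNCrypt subtype list")
    return list(struct.unpack(f">{msg[0]}I", msg[1:1 + 4 * msg[0]]))

def audit(sec_msg: bytes, vencrypt_msg: bytes = b"") -> dict:
    """Report what is offered and whether any option authenticates the server."""
    types = parse_security_types(sec_msg)
    subtypes = []
    if 19 in types and vencrypt_msg:
        subtypes = parse_vencrypt_subtypes(vencrypt_msg)
    authenticated = [VENCRYPT_SUBTYPES[s][0] for s in subtypes
                     if VENCRYPT_SUBTYPES.get(s, ("", False))[1]]
    return {
        "offered": [SECURITY_TYPES.get(t, f"unknown({t})") for t in types],
        "server_authenticated": authenticated,
        "identity_verifiable": bool(authenticated),
    }

# Constructed samples: a server offering only type 18, and a VeNCrypt server
# offering one anonymous (TLSVnc) and one certificate-based (X509Plain) subtype.
ANON_TLS_ONLY = bytes([1, 18])
VENCRYPT_OFFER = bytes([1, 19])
VENCRYPT_SUBS = bytes([2]) + struct.pack(">2I", 258, 262)
```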

Iordan Iordanov (iiordanov) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in vino (Ubuntu):
status: New → Confirmed
Sebastien Bacher (seb128) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. The issue you are reporting is an upstream one and it would be nice if somebody having it could send the bug to the developers of the software by following the instructions at https://wiki.ubuntu.com/Bugs/Upstream/GNOME. If you have done so, please tell us the number of the upstream bug (or the link), so we can add a bugwatch that will inform us about its status. Thanks in advance.

Changed in vino (Ubuntu):
importance: Undecided → Low
John Call (johnsimcall) wrote :