Enhanced security negotiation direct approach

  • Question

  • [MS-RDPBCGR] section 5.4.2.2 describes the direct approach of enhanced security negotiation. From what I understand, in the described scenario the client would start speaking TLS 1.0 without an exchange of X.224 packets. Do I understand the specification right?

    In which case, how do I configure the client to use the direct approach, and what versions of the RDP client support this method of security negotiation?

    Thanks!

    Wednesday, March 7, 2012 6:16 AM

All replies

  • Hi Panovodv:

    I have alerted the Protocol Documentation Team regarding your inquiry. A member of the team will be in touch soon.


    Regards, Obaid Farooqi

    Wednesday, March 7, 2012 6:46 PM
    Owner
  • Hi Panovodv:

    I am researching this for you.


    Bryan S. Burgin Senior Escalation Engineer Microsoft Protocol Open Specifications Team

    Wednesday, March 14, 2012 6:03 AM
    Moderator


  • Panovdv,

    Sorry for the delay.

    In the Direct Approach, X.224 packets do flow, but they flow after the security (i.e. TLS) handshake, so it is encrypted.  A scenario where Windows components will use the Direct Approach is in Remote Assistance.  The “hardcoding to use a specific security protocol when a connection is initiated” is transported between the end-points with the Remote Assistance invite (usually exchanged by e-mail or via a physically-exchanged file a.k.a. floppy-net).

    Bryan



    Bryan S. Burgin Senior Escalation Engineer Microsoft Protocol Open Specifications Team

    Thursday, April 5, 2012 10:18 PM
    Moderator
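
Added example, not part of the thread and not Microsoft's code: a Python sketch that tells the two approaches apart from the first bytes a client sends on the RDP port, as a monitoring tool might. In the Direct Approach the first bytes are a TLS handshake record; in the negotiation-based approach they are a TPKT/X.224 Connection Request whose optional negotiation request lists the requested protocols. The function names and sample bytes are constructed for illustration; the `PROTOCOL_*` names are the flag names used in [MS-RDPBCGR].

```python
import struct

# requestedProtocols flag bits from the RDP Negotiation Request
PROTOCOLS = {0x1: "PROTOCOL_SSL", 0x2: "PROTOCOL_HYBRID"}

def classify_first_flight(data: bytes) -> dict:
    """Classify the first client bytes of a connection to the RDP port."""
    if len(data) < 5:
        return {"approach": "unknown", "reason": "short read"}
    # TLS record header: ContentType 0x16 (handshake), major version 0x03
    if data[0] == 0x16 and data[1] == 0x03:
        return {"approach": "direct", "tls_record_version": (data[1], data[2])}
    # TPKT header: version 3, reserved 0, 16-bit big-endian total length
    if data[0] == 0x03 and data[1] == 0x00:
        (tpkt_len,) = struct.unpack(">H", data[2:4])
        # Byte 4 is the X.224 length indicator, byte 5 the TPDU code (0xE0 = CR)
        if len(data) < 11 or data[5] & 0xF0 != 0xE0:
            return {"approach": "unknown", "reason": "TPKT without X.224 CR"}
        body = data[11:tpkt_len]
        # Skip the optional routing token or cookie, which ends with CR LF
        if not body.startswith(b"\x01"):
            _, sep, rest = body.partition(b"\r\n")
            body = rest if sep else body
        requested = 0  # no negotiation request means standard RDP security
        if len(body) >= 8 and body[0] == 0x01:
            _type, _flags, _length, requested = struct.unpack("<BBHI", body[:8])
        names = [n for bit, n in PROTOCOLS.items() if requested & bit]
        return {"approach": "negotiation", "requested": names or ["PROTOCOL_RDP"]}
    return {"approach": "unknown", "reason": "unrecognized first bytes"}

def sample_x224_cr(requested: int) -> bytes:
    """Build a constructed X.224 Connection Request with a cookie and negReq."""
    cookie = b"Cookie: mstshash=example\r\n"
    neg = struct.pack("<BBHI", 0x01, 0x00, 8, requested)
    tpdu = bytes([6 + len(cookie) + len(neg), 0xE0, 0, 0, 0, 0, 0]) + cookie + neg
    return b"\x03\x00" + struct.pack(">H", 4 + len(tpdu)) + tpdu

# Constructed start of a TLS 1.0 ClientHello record (header plus handshake type)
SAMPLE_TLS = bytes.fromhex("16030100c8") + b"\x01"

if __name__ == "__main__":
    print(classify_first_flight(SAMPLE_TLS))
    print(classify_first_flight(sample_x224_cr(0x3)))
```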