With encryption enabled, all connections requires encrypted with DSM plugins.
But it is nice to have a option that allowing nonencrypted connections connecting to server. It would be more flexible for users.
After more 2 000 000 (two million) views on forum for 1.5.0.x development versions... and 1.6.1.0, 1.6.3.0-dev versions
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is always welcome
2025-12-14: 1.7.1.X-dev release builds need tests and feedback: https://forum.uvnc.com/viewtopic.php?t=38134
2025-12-02: We need help: English Wikipedia UltraVNC page has been requested to deletion: https://forum.uvnc.com/viewtopic.php?t=38127
Any help is welcome to improve the UltraVNC page and/or to comment on the Wikipedia Talk page
2025-05-06: Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
2023-09-21: Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Development: UltraVNC development is always here... Any help is welcome
Feedback is welcome
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is always welcome
2025-12-14: 1.7.1.X-dev release builds need tests and feedback: https://forum.uvnc.com/viewtopic.php?t=38134
2025-12-02: We need help: English Wikipedia UltraVNC page has been requested to deletion: https://forum.uvnc.com/viewtopic.php?t=38127
Any help is welcome to improve the UltraVNC page and/or to comment on the Wikipedia Talk page
2025-05-06: Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
2023-09-21: Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Development: UltraVNC development is always here... Any help is welcome
Feedback is welcome
Option for fallbacking to nonencrypted connection
Re: Option for fallbacking to nonencrypted connection
IMHO it's a security risk to allow non encrypted connections even when an encryption plugin is required on a server.
That's why we haven't allowed the JavaViewer (that doesn't support DSM yet) to connect when a DSM plugin is used on the server. It would be easy to do, but I really think it's unsafe.
That's why we haven't allowed the JavaViewer (that doesn't support DSM yet) to connect when a DSM plugin is used on the server. It would be easy to do, but I really think it's unsafe.
UltraSam
Re: Option for fallbacking to nonencrypted connection
So this option is unchecked by default. When checking this option, popup a message to notify users that allowing nonencrypted connections is unsafe.UltraSam wrote:IMHO it's a security risk to allow non encrypted connections even when an encryption plugin is required on a server.
That's why we haven't allowed the JavaViewer (that doesn't support DSM yet) to connect when a DSM plugin is used on the server. It would be easy to do, but I really think it's unsafe.
When nonencrypted connections connect the server, a "warning" event log generates.
I think this will help.
Last edited by roytam1 on 2007-06-07 11:13, edited 2 times in total.
Re: Option for fallbacking to nonencrypted connection
And what about vice versa condition?
Client side using DSM plugins to connect to server, server side has DSM plugins but not enable them.
Will they connect?
Client side using DSM plugins to connect to server, server side has DSM plugins but not enable them.
Will they connect?
Re: Option for fallbacking to nonencrypted connection
All data sent by the viewer would be encrypted... so the server would have to implement and return a special error code to the viewer to tell it not to encrypt its data... a lot of work...
UltraSam
Re: Option for fallbacking to nonencrypted connection
if server has DSM plugins, what about using DSM plugins for that session automaticly?UltraSam wrote:All data sent by the viewer would be encrypted... so the server would have to implement and return a special error code to the viewer to tell it not to encrypt its data... a lot of work...
Re: Option for fallbacking to nonencrypted connection
For now, there's no intitial handshaking or key exchange in DSMplugin stuff that could allow for an easy DSM/no DSM dynamic switching over the same connection session
Given the current DSM codebase, there are only 2 possibilities:
1. The server understands the very first bytes sent by the viewer: same DSMPlugin used on both sides (with same key), or clear connection -> the connection can continue and regular UltraVNC handshaking/password is done
2. The server does not understand the very first bytes sent by the viewer: the viewer is using a plugin and not the server, or the server is not using a plugin and the server does, or both are using a different plugin, or plugin encryption keys are different -> in all these cases the connection is immediatly dropped and an exception is raised in the viewer.
Given the current DSM codebase, there are only 2 possibilities:
1. The server understands the very first bytes sent by the viewer: same DSMPlugin used on both sides (with same key), or clear connection -> the connection can continue and regular UltraVNC handshaking/password is done
2. The server does not understand the very first bytes sent by the viewer: the viewer is using a plugin and not the server, or the server is not using a plugin and the server does, or both are using a different plugin, or plugin encryption keys are different -> in all these cases the connection is immediatly dropped and an exception is raised in the viewer.
UltraSam
Re: Option for fallbacking to nonencrypted connection
hello roytam1,
despite known limit of MSRC4 (single thread)
Option for fallbacking to nonencrypted connection is available with
ultravnc 1.0.8.x and above (vncviewer and winvnc)
vncviewer.exe -dsmplugin securevncplugin.dsm -autoacceptnodsm -disablesponsor -autoacceptincoming -listen
function available only with Secure VNC DSM Plugin (multi-threaded) from Adam D. Walling and winvnc and vncviewer 1.0.8.x
allow multi vncviewer to multi winvnc (shared multi secure VNC connection)
despite known limit of MSRC4 (single thread)
Option for fallbacking to nonencrypted connection is available with
ultravnc 1.0.8.x and above (vncviewer and winvnc)
vncviewer.exe -dsmplugin securevncplugin.dsm -autoacceptnodsm -disablesponsor -autoacceptincoming -listen
function available only with Secure VNC DSM Plugin (multi-threaded) from Adam D. Walling and winvnc and vncviewer 1.0.8.x
allow multi vncviewer to multi winvnc (shared multi secure VNC connection)
UltraVNC 1.0.9.6.1 (built 20110518)
Windows OS: XP Home + Vista Business + 7 Home
Only experienced user, [u]not[/u] developer
Windows OS: XP Home + Vista Business + 7 Home
Only experienced user, [u]not[/u] developer