projects / platform / upstream / freerdp.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 80cb1dd) | patch
Add new command-line option to force xfreerdp into a fips compliant mode.
authorBrent Collins <bcollins@forcepoint.com>
Fri, 7 Apr 2017 21:54:08 +0000 (16:54 -0500)
committerArmin Novak <armin.novak@thincast.com>
Fri, 17 Nov 2017 11:43:06 +0000 (12:43 +0100)
commitd98b88642ba73d58300baacdff0469778f9c37de
tree41f9cb810cae0e2286c1dc3436173219cd0a2960tree | snapshot
parent80cb1dd23cd9dea575416fe91c984fe60a216203commit | diff
Add new command-line option to force xfreerdp into a fips compliant mode.

This option will ensure that NLA is disabled(since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.

Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.

Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.

Remove check of server proprietary certificate which was already being ignore to avoid use of MD5.

Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
14 files changed:
client/common/cmdline.c diff | blob | history
include/freerdp/settings.h diff | blob | history
libfreerdp/common/settings.c diff | blob | history
libfreerdp/core/certificate.c diff | blob | history
libfreerdp/core/connection.c diff | blob | history
libfreerdp/core/license.c diff | blob | history
libfreerdp/core/security.c diff | blob | history
libfreerdp/core/settings.c diff | blob | history
libfreerdp/crypto/tls.c diff | blob | history
winpr/include/winpr/crypto.h diff | blob | history
winpr/include/winpr/ssl.h diff | blob | history
winpr/libwinpr/crypto/cipher.c diff | blob | history
winpr/libwinpr/crypto/hash.c diff | blob | history
winpr/libwinpr/utils/ssl.c diff | blob | history
Domain: Graphics System / Display Server;