fix(dgw): enable SSL protocol in RDP proxy
Hi,
During debugging, I faced the following error message when connecting using mstscex:
The error happened right after mstsc sent the erectDomainRequest packet:
It turned out that the problem was in the ConnectionRequest PDU sent from the Devolutions Gateway to the target RDP server. mstsc expects the ConnectionRequest flags to be the same. The connection fails when the proxy alters security protocol flags.
That is what I came up with.
I found a very similar problem here: https://serverfault.com/a/720161:
The error was in this step:
The proxy receives and modifies (if necessary) the ConnectionRequestPDU message of the RDP Protocol to ensure the SupportedProtocol flags are set to ProtocolHybrid & ProtocolSSL. This will ensure the use of CredSSP. That is forwarded to srvPPassTest2.
As it turns out, I also had to set the ProtocolHybridEx flag in the ConnectionRequestPDU. I'm guessing this is because the forwarded messages, the ones after the TSCredential, care about this flag.
That being the case, I've decided to just forward the flags used by the client, instead of building them myself. If the ProtocolHybrid flag isn't set, I'll error out gently since we require Network Level Authentication (NLA) be used.
cc @awakecoding
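Added example, not part of the original PR or of the Devolutions Gateway code: Rust code for the approach described above, where the proxy forwards the client's requested security protocols unchanged and rejects clients that do not offer ProtocolHybrid. The function names and the sample bytes are hypothetical; the field layout and constant values follow the RDP_NEG_REQ structure in MS-RDPBCGR.

```rust
// RDP_NEG_REQ values as defined in MS-RDPBCGR (RDP Negotiation Request).
const TYPE_RDP_NEG_REQ: u8 = 0x01;
const PROTOCOL_SSL: u32 = 0x0000_0001;
const PROTOCOL_HYBRID: u32 = 0x0000_0002; // CredSSP, i.e. NLA
const PROTOCOL_HYBRID_EX: u32 = 0x0000_0008;

#[derive(Debug, PartialEq)]
enum NegError {
    Malformed,   // not a well-formed 8-byte RDP_NEG_REQ
    NlaRequired, // client did not offer PROTOCOL_HYBRID
}

/// Parse the 8-byte RDP_NEG_REQ: type(1) flags(1) length(2, LE) requestedProtocols(4, LE).
fn requested_protocols(neg_req: &[u8]) -> Result<u32, NegError> {
    if neg_req.len() != 8 || neg_req[0] != TYPE_RDP_NEG_REQ {
        return Err(NegError::Malformed);
    }
    if u16::from_le_bytes([neg_req[2], neg_req[3]]) != 8 {
        return Err(NegError::Malformed);
    }
    Ok(u32::from_le_bytes([neg_req[4], neg_req[5], neg_req[6], neg_req[7]]))
}

/// Hypothetical proxy policy: keep the client's flags as-is, but require NLA.
fn protocols_to_forward(client_neg_req: &[u8]) -> Result<u32, NegError> {
    let protocols = requested_protocols(client_neg_req)?;
    if protocols & PROTOCOL_HYBRID == 0 {
        return Err(NegError::NlaRequired);
    }
    Ok(protocols) // no bits added or cleared before forwarding
}

/// Build the RDP_NEG_REQ sent to the target server from the forwarded values.
fn build_neg_req(flags: u8, protocols: u32) -> [u8; 8] {
    let p = protocols.to_le_bytes();
    [TYPE_RDP_NEG_REQ, flags, 0x08, 0x00, p[0], p[1], p[2], p[3]]
}

fn main() {
    // Constructed sample: a client offering SSL | HYBRID | HYBRID_EX (0x0B).
    let client = [0x01, 0x00, 0x08, 0x00, 0x0B, 0x00, 0x00, 0x00];
    let protocols = protocols_to_forward(&client).expect("client must offer NLA");
    assert_eq!(protocols, PROTOCOL_SSL | PROTOCOL_HYBRID | PROTOCOL_HYBRID_EX);
    // The request sent to the target matches what the client sent.
    assert_eq!(build_neg_req(client[1], protocols), client);
    println!("forwarding requestedProtocols = {:#010x}", protocols);
}
```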
Marking as draft to avoid merging in your other branch by mistake
@CBenoit, I don't know why the CI failed 😕. All tests are green on my Windows machine. The error message in the CI logs is not clear. I wanted just to re-run the failed job, but I do not have enough permissions to do so.
@TheBestTvarynka I did the re-run.
@CBenoit, I think you can merge this PR now. The CI is green 💚