rustdesk-server-pro
rustdesk-server-pro copied to clipboard
rustdesk
RustDesk Server Pro (Windows) on Server versions below Windows Server 2022 - TLS_1.2 Problem?
After a long period of troubleshooting, testing, wiresharking and swearing, it looks like that its currently just a waste of time if you running RestDesk Server Pro (Windows) on a infrastructure that is using Windows Server versions below 2022 because Windows Server 2022 is the first system that has the ability to use TLS_1.3.
-> SMTP currently doesn't seem to work below TLS_1.3 (only a problem if target does not have TLS_1.3) https://github.com/rustdesk/rustdesk-server-pro/issues/99#issuecomment-1777223013
-> Secured LDAP currently doesn't seem to work below TLS_1.3 (This could be a problem if your Active Directory Server is not a Windows Server 2022) https://github.com/rustdesk/rustdesk-server-pro/issues/188
-> API doesn't seem to work - No automatic username, devicename, deviceinfo and no strategies are beeing applied (If your secured API Server is powered by a reverse proxy on a server older then 2022) https://github.com/rustdesk/rustdesk-server-pro/issues/19#issuecomment-1889166892
Just to make sure: I fully agree that TLS_1.3 ist the best way to go. You know that, i know that... and Microsoft know that too. That's because they want you to buy Windows Server 2022. But TLS_1.2 is still maintained and used by all other Windows Server systems below 2022. If that's the case that TLS_1.2 is the problem, there should be an information at the (Windows) documentation
We are using this tls library, it does support tls1.2, https://github.com/rustls/rustls?tab=readme-ov-file#current-functionality-with-default-crate-features. I do not think there is any library / software giving up support of tls 1.2 at this time being.
Can you send your urls of tls 1.2 servers (not working with RustDesk client or Pro) to us? we will investigate. You can send to my email [email protected] if it can not go public.
Thank you for your help!
I could but there isn't any license anymore on this Server. I installed everything on a Windows Server 2022 and it was working after settings everything up. The old installation is currently still there but i needed to switch my license to the new one.
No worries, we will try to find a tls 1.2 service for testing.
Tested with https://tls-v1-2.badssl.com:1012/ rusttls works well with tls 1.2
Hello and thank you for testing!
I got a very short time slot for testing (and transfering my license to the old server) I compared my web.config-File from both servers (old one and the server 2022 version). They are looking same - but still no luck. If i disable SSL (using http and Port 21114) the API Server works fine! That means there must be something with the IIS / reverse proxy / TLS.
Accessing the rustdesk server using the reverse proxy address via webbrowser works absolutely fine. Also the login feature from the rustdesk client - everything works exept seeing the username, computername and sysinfo in the devices-panel
Thanks for your testing. Is it possible you give me a chance to access your old one (my email [email protected])? No license is needed, I just need to test the tls 1.2 connectivity.
Thanks @User35123 providing the test url. I just tested, our tls lib (https://github.com/rustls/rustls) does not work with your server, though it works for https://tls-v1-2.badssl.com:1012/,. But native tls works for both. I am considering change to native tls in next release for better support of tls.
The error without proxy on my side:
error trying to connect: Connection reset by peer (os error 54)
The error with proxy on my side:
error trying to connect: tls handshake eof