- This topic has 0 replies, 1 voice, and was last updated 2 years, 6 months ago by .
Viewing 1 post (of 1 total)
Viewing 1 post (of 1 total)
- You must be logged in to reply to this topic.
Hello All
Like some of you I’ve recently hit the issue that 9.1 does not offer passthrough of smartcard (or much else) to WVD/RDP, which really mucks up my plan of smartcard login to a RDS gateway/farm. The only way forward at the moment would be to revert to (gulp) 8.6.x which does support smartcard passthrough to RDS/WVD. Simple, right?
Wrong.
The passthrough was confirmed with direct RDP sessions etc, but the client (5070 running 8.6.807) would not connect to the gateway at all – it seemed that the TLS setup was stalling completely. After a lot of head scratching I think I have worked out the issue. The certificates I was using for the RDS were RSA with the SHA384 signature hash algorithm.
This was confirmed, first by using a self signed RSA with SHA256, then an identical CA issued cert with SHA384 swapped for 256. I’m fairly sure SHA384 is a part of the TLS 1.2 spec, so what is wrong with ThinOS 8.6? (note, the same SHA384 certs work fine with the 9.1 clients)
As a further annoyance, if you get past this gateway connection issue, you also hit a SHA384 hash issue with the smartcards as well, if they hold SHA384 user certs. It does not mention a TLS error and fails in a generic ‘logon failed’ kind of way. If you login with username and password, the smartcard works normally inside the RDS session itself.
I think (and please correct me if I’m wrong) that ThinOS 8.6.x has a limitation (or bug?) in its TLS stack that prevents local handling of SHA384 certs. This would explain the TS gateway session setup failure and the inability to perform thin client controlled logon using smartcards that require processing of SHA384 hashes.
Anyone else seen this? I cannot find any documentation of this and have reported to Dell. Really, really annoying double fail here – ideally they would sort out 9.1 passthrough..
-Rob-
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |