Description
The default dh params are currently 1024 bits which has become considered weak. Updating this to 2048 bits or larger will solve the issue.
Reproduction Steps
Setup an Xvfb server. Run x11vnc with the -ssl switch. Connect to it with tigervncviewer.
Xvfb :0 -screen 0 100x100x8 &
sleep 2
x11vnc -ssl TMP -display :0 -localhost -bg -o server.log
vncviewer -DesktopSize=0 -display :0
Expected Behavior
The vncviewer should connect without SSL errors.
Desktop
- OS and version: Debian 12
- Xorg version used: 1:7.7+23
Additional context
- One workaround is to generate the dhparams and then do
x11vnc -dhparams [file] ...
- Another workaround is
vncviewer -GnuTLSPriority=LEGACY ...
I am aware of these solutions but they skirt the problem.
Description
The default dh params are currently 1024 bits which has become considered weak. Updating this to 2048 bits or larger will solve the issue.
Reproduction Steps
Setup an Xvfb server. Run x11vnc with the -ssl switch. Connect to it with tigervncviewer.
Expected Behavior
The vncviewer should connect without SSL errors.
Desktop
Additional context
x11vnc -dhparams [file] ...vncviewer -GnuTLSPriority=LEGACY ...I am aware of these solutions but they skirt the problem.