Cannot RDP to server after upgrading for TLS 1.2
Article ID: 121401
Updated On: 11-20-2018
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)
Issue/Introduction
Upgraded server to support TLS 1.2. Cannot connect to the server via PAM RDP; however, RDP from the desktop works fine.
Environment
PAM 3.1.1
Resolution
The cipher suite was disabled during the server upgrade. Once it was re-enabled, PAM RDP worked again.
Additional Information
As of release 2.6, the RDP client (the applet) supports TLS 1.2 connections and supports the TLS_RSA_WITH_AES_256_CBC_SHA256 cipher suite.
In 3.2 we introduced forward secrecy for the RDP applet:
The RDP client applet supports TLS 1.2 connections and supports the TLS_RSA_WITH_AES_256_CBC_SHA256 cipher suite. The RDP Client also supports forward secrecy using the following supported cipher suites:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384.
Starting with 3.2, for the highest level of security, ensure your RDP server (target Windows Device) is configured to use forward secrecy with TLS 1.2 communication.
If you are on 3.1.1, your server has to support the TLS_RSA_WITH_AES_256_CBC_SHA256 cipher suite.
In 3.2 we introduced forward secrecy for the RDP applet:
The RDP client applet supports TLS 1.2 connections and supports the TLS_RSA_WITH_AES_256_CBC_SHA256 cipher suite. The RDP Client also supports forward secrecy using the following supported cipher suites:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384.
Starting with 3.2, for the highest level of security, ensure your RDP server (target Windows Device) is configured to use forward secrecy with TLS 1.2 communication.
If you are on 3.1.1, your server has to support the TLS_RSA_WITH_AES_256_CBC_SHA256 cipher suite.
Feedback
Was this article helpful?
Yes
No
Powered by
