Disabled MD5 and enabled SHA under SCHANNEL/Hashes in registry. xfreerdp fails with an ssl i/o error

Çağlar Arlı

So I am delving into securing my server and do not quite understand how I broke the ability to RDP into it (using xfreerdp). I disabled MD5 as an available hash and enabled SHA. The exact changes I made in the registry were:

HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5
  Disabled this.
HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA
  Enabled this.

I am not finding any information on exactly how xfreerdp handles authentication (but I am guessing it aligns with RDP), which tells me it uses NLA (it authenticates prior to passing the full RDP session). I have been scrounging online but cannot determine why xfreerdp fails to authenticate once I force the server to allow only SHA hashing algorithms (unless it simply supports only MD5? Searching online I see references to SHA but cannot find a definitive answer). Any thoughts on why disabling MD5 on the server is breaking xfreerdp connections?