+++ /dev/null
-This directory contains a patched Java applet VNC viewer that is SSL
-enabled.
-
-The patches in the *.patch files are relative to the source tarball:
-
- tightvnc-1.3dev7_javasrc.tar.gz
-
-currently (4/06) available here:
-
- http://prdownloads.sourceforge.net/vnc-tight/tightvnc-1.3dev7_javasrc.tar.gz?download
-
-It also includes some simple patches to:
-
- - fix richcursor colors
-
- - make the Java Applet cursor (not the cursor drawn to the canvas
- framebuffer) invisible when it is inside the canvas.
-
- - allow Tab (and some other) keystrokes to be sent to the vnc
- server instead of doing widget traversal.
-
-
-This SSL applet should work with any VNC viewer that has an SSL tunnel in
-front of it. It has been tested on x11vnc and using the stunnel tunnel
-to other VNC servers.
-
-By default this Vnc Viewer will only do SSL. To do unencrypted traffic
-see the "DisableSSL" applet parameter (e.g. set it to Yes in index.vnc).
-
-Proxies: they are a general problem with java socket applets (a socket
-connection does not go through the proxy). See the info in the proxy.vnc
-file for a workaround. It uses SignedVncViewer.jar which is simply
-a signed version of VncViewer.jar. The basic idea is the user clicks
-"Yes" to trust the applet and then it can connect directly to the proxy
-and issue a CONNECT request.
-
-This applet has been tested on versions 1.4.2 and 1.5.0 of the Sun
-Java plugin. It may not work on older releases or different vendor VM's.
-Send full Java Console output for failures.
-
----------------------------------------------------------------
-Tips:
-
-When doing single-port proxy connections (e.g. both VNC and HTTPS
-thru port 5900) it helps to move through the 'do you trust this site'
-dialogs quickly. x11vnc has to wait to see if the traffic is VNC or
-HTTP and this can cause timeouts if you don't move thru them quickly.
-
-You may have to restart your browser completely if it gets into a
-weird state. For one case we saw the JVM requesting VncViewer.class
-even when no such file exists.
-
-
----------------------------------------------------------------
-Extras:
-
-ss_vncviewer (not Java):
-
- Wrapper script for native VNC viewer to connect to x11vnc in
- SSL mode. Script launches stunnel(8) and then connects to it
- via localhost which in turn is then redirected to x11vnc via an
- SSL tunnel. stunnel(8) must be installed and available in PATH.
-
-
-Running Java SSL VncViewer from the command line:
-
- From this directory:
-
- java -cp ./VncViewer.jar VncViewer HOST <thehost> PORT <theport>
-
- substitute <thehost> and <theport> with the actual values.
- You can add any other parameters, e.g.: ignoreProxy yes
-
----------------------------------------------------------------
-UltraVNC:
-
-The UltraVNC java viewer has also been patched to support SSL. Various
-bugs in the UltraVNC java viewer were also fixed. This viewer can be
-useful because is support UltraVNC filetransfer, and so it works on
-Unix, etc.
-
-UltraViewerSSL.jar
-SignedUltraViewerSSL.jar
-ultra.vnc
-ultraproxy.vnc
-ultravnc-102-JavaViewer-ssl-etc.patch
-
----------------------------------------------------------------
-Applet Parameters:
-
-Some additional applet parameters can be set via the URL, e.g.
-
- http://host:5800/?param=value
- http://host:5800/ultra.vnc?param=value
- https://host:5900/ultra.vnc?param=value
-
-etc. If running java from command line as show above, it comes
-in as java ... VncViewer param value ...
-
-There is a limitation with libvncserver that param and value can
-only be alphanumeric, underscore, "+" (for space), or "."
-
-We have added some applet parameters to the stock VNC java
-viewers. Here are the applet parameters:
-
-Both TightVNC and UltraVNC Java viewers:
-
- HOST
- string, default: none.
- The Hostname to connect to.
-
- PORT
- number, default: 0
- The VNC server port to connect to.
-
- Open New Window
- yes/no, default: no
- Run applet in separate frame.
-
- Show Controls
- yes/no, default: yes
- Show Controls button panel.
-
- Show Offline Desktop
- yes/no, default: no
- Do we continue showing desktop on remote disconnect?
-
- Defer screen updates
- number, default: 20
- Milliseconds delay
-
- Defer cursor updates
- number, default: 10
- Milliseconds delay
-
- Defer update requests
- number, default: 50
- Milliseconds delay
-
-
- The following are added by x11vnc and/or ssvnc project
-
- VNCSERVERPORT
- number, default: 0
- Like PORT, but if there is a firewall this is the Actual VNC
- server port. PORT might be a redir port on the firewall.
-
- DisableSSL
- yes/no, default: no
- Do unencrypted connection, no SSL.
-
- httpsPort
- number, default: none
- When checking for proxy, use this at the url port number.
-
- CONNECT
- string, default: none
- Sets to host:port for the CONNECT line to a Web proxy.
- The Web proxy should connect us to it.
-
- GET
- yes/no, default: no
- Set to do a special HTTP GET (/request.https.vnc.connection)
- to the vnc server that will cause it to switch to VNC instead.
- This is to speedup/make more robust, the single port HTTPS and VNC
- mode of x11vnc (e.g. both services thru port 5900, etc)
-
- urlPrefix
- string, default: none
- set to a string that will be prefixed to all URL's when contacting
- the VNC server. Idea is a special proxy will use this to indicate
- internal hostname, etc.
-
- oneTimeKey
- string, default: none
- set a special hex "key" to correspond to an SSL X.509 cert.
- See the 'onetimekey' helper script. Can also be PROMPT to
- prompt the user to paste the hex key string in.
-
- This is to try to work around the problem that the Java
- applet cannot keep an SSL keystore on disk, etc.
- E.g. if they log into an HTTPS website via password they
- are authenticated and encrypted, then the website can
- safely put oneTimeKey=... on the URL. The Vncviewer
- authenticates the VNC server with this key.
-
- forceProxy
- yes/no, default: no
- Assume there is a proxy.
-
- ignoreProxy
- yes/no, default: no
- Don't check for a proxy, assume there is none.
-
- trustAllVncCerts
- yes/no, default: no
- Automatically trust any cert received from the VNC server
- (obviously this could be dangerous and lead to man in the
- middle attack). Do not ask the user to verify any of these
- certs from the VNC server.
-
- trustUrlVncCert
- yes/no, default: no
- Automatically trust any cert that the web browsers has accepted.
- E.g. the user said "Yes" or "Continue" to a web browser dialog
- regarding a certificate. If we get the same cert from the VNC
- server we trust it without prompting the user.
-
-TightVNC Java viewer only:
-
- Offer Relogin
- yes/no, default: yes
- "Offer Relogin" set to "No" disables "Login again"
-
- SocketFactory
- string, default: none
- set Java Socket class factory.
-
-UltraVNC Java viewer only:
-
- PASSWORD
- string, default: none
- VNC session password in plain text.
-
- ENCPASSWORD
- string, default: none
- VNC session password in encrypted in DES with KNOWN FIXED
- key. It is a hex string. This is like the ~/.vnc/passwd format.
-
- The following are added by x11vnc and/or ssvnc project
-
- ftpDropDown
- string, default: none
- Sets the file transfer "drives" dropdown to the "." separated
- list. Use "+" for space. The default is
-
- My+Documents.Desktop.Home
-
- for 3 entries in the dropdown in addition to the "drives"
- (e.g. C:\) These items should be expanded properly by the VNC
- Server. x11vnc will prepend $HOME to them, which is normally
- what one wants. To include a "/" use "_2F_". Another example:
-
- Home.Desktop.bin_2F_linux
-
- ftpOnly
- yes/no, default: no
- The VNC viewer only shows the filetransfer panel, no desktop
- is displayed.
-
- graftFtp
- yes/no, default: no
- As ftpOnly, the VNC viewer only shows the filetransfer panel,
- no desktop is displayed, however it is "grafted" onto an existing
- SSVNC unix vncviewer. The special SSVNC vncviewer merges the two
- channels.
-
- dsmActive
- yes/no, default: no
- Special usage mode with the SSVNC unix vncviewer. The UltraVNC
- DSM encryption is active. Foolishly, UltraVNC DSM encryption
- *MODIFIES* the VNC protocol when active (it is not a pure tunnel).
- This option indicates to modify the VNC protocol to make this work.
- Usually only used with graftFtp and SSVNC unix vncviewer.
-
- delayAuthPanel
- yes/no, default: no
- This is another special usage mode with the SSVNC unix vncviewer.
- A login panel is delayed (not shown at startup.) Could be useful
- for non SSVNC usage too.
-
- ignoreMSLogonCheck
- yes/no, default: no
- Similar to delayAuthPanel, do not put up a popup asking for
- Windows username, etc.