1 This directory contains a patched Java applet VNC viewer that is SSL
4 The patches in the *.patch files are relative to the source tarball:
6 tightvnc-1.3dev7_javasrc.tar.gz
8 currently (4/06) available here:
10 http://prdownloads.sourceforge.net/vnc-tight/tightvnc-1.3dev7_javasrc.tar.gz?download
12 It also includes some simple patches to:
14 - fix richcursor colors
16 - make the Java Applet cursor (not the cursor drawn to the canvas
17 framebuffer) invisible when it is inside the canvas.
19 - allow Tab (and some other) keystrokes to be sent to the vnc
20 server instead of doing widget traversal.
23 This SSL applet should work with any VNC viewer that has an SSL tunnel in
24 front of it. It has been tested on x11vnc and using the stunnel tunnel
27 By default this Vnc Viewer will only do SSL. To do unencrypted traffic
28 see the "DisableSSL" applet parameter (e.g. set it to Yes in index.vnc).
30 Proxies: they are a general problem with java socket applets (a socket
31 connection does not go through the proxy). See the info in the proxy.vnc
32 file for a workaround. It uses SignedVncViewer.jar which is simply
33 a signed version of VncViewer.jar. The basic idea is the user clicks
34 "Yes" to trust the applet and then it can connect directly to the proxy
35 and issue a CONNECT request.
37 This applet has been tested on versions 1.4.2 and 1.5.0 of the Sun
38 Java plugin. It may not work on older releases or different vendor VM's.
39 Send full Java Console output for failures.
41 ---------------------------------------------------------------
44 When doing single-port proxy connections (e.g. both VNC and HTTPS
45 thru port 5900) it helps to move through the 'do you trust this site'
46 dialogs quickly. x11vnc has to wait to see if the traffic is VNC or
47 HTTP and this can cause timeouts if you don't move thru them quickly.
49 You may have to restart your browser completely if it gets into a
50 weird state. For one case we saw the JVM requesting VncViewer.class
51 even when no such file exists.
54 ---------------------------------------------------------------
57 ss_vncviewer (not Java):
59 Wrapper script for native VNC viewer to connect to x11vnc in
60 SSL mode. Script launches stunnel(8) and then connects to it
61 via localhost which in turn is then redirected to x11vnc via an
62 SSL tunnel. stunnel(8) must be installed and available in PATH.
65 Running Java SSL VncViewer from the command line:
69 java -cp ./VncViewer.jar VncViewer HOST <thehost> PORT <theport>
71 substitute <thehost> and <theport> with the actual values.
72 You can add any other parameters, e.g.: ignoreProxy yes
74 ---------------------------------------------------------------
77 The UltraVNC java viewer has also been patched to support SSL. Various
78 bugs in the UltraVNC java viewer were also fixed. This viewer can be
79 useful because is support UltraVNC filetransfer, and so it works on
83 SignedUltraViewerSSL.jar
86 ultravnc-102-JavaViewer-ssl-etc.patch
88 ---------------------------------------------------------------
91 Some additional applet parameters can be set via the URL, e.g.
93 http://host:5800/?param=value
94 http://host:5800/ultra.vnc?param=value
95 https://host:5900/ultra.vnc?param=value
97 etc. If running java from command line as show above, it comes
98 in as java ... VncViewer param value ...
100 There is a limitation with libvncserver that param and value can
101 only be alphanumeric, underscore, "+" (for space), or "."
103 We have added some applet parameters to the stock VNC java
104 viewers. Here are the applet parameters:
106 Both TightVNC and UltraVNC Java viewers:
109 string, default: none.
110 The Hostname to connect to.
114 The VNC server port to connect to.
118 Run applet in separate frame.
122 Show Controls button panel.
126 Do we continue showing desktop on remote disconnect?
136 Defer update requests
141 The following are added by x11vnc and/or ssvnc project
145 Like PORT, but if there is a firewall this is the Actual VNC
146 server port. PORT might be a redir port on the firewall.
150 Do unencrypted connection, no SSL.
153 number, default: none
154 When checking for proxy, use this at the url port number.
157 string, default: none
158 Sets to host:port for the CONNECT line to a Web proxy.
159 The Web proxy should connect us to it.
163 Set to do a special HTTP GET (/request.https.vnc.connection)
164 to the vnc server that will cause it to switch to VNC instead.
165 This is to speedup/make more robust, the single port HTTPS and VNC
166 mode of x11vnc (e.g. both services thru port 5900, etc)
169 string, default: none
170 set to a string that will be prefixed to all URL's when contacting
171 the VNC server. Idea is a special proxy will use this to indicate
172 internal hostname, etc.
175 string, default: none
176 set a special hex "key" to correspond to an SSL X.509 cert.
177 See the 'onetimekey' helper script. Can also be PROMPT to
178 prompt the user to paste the hex key string in.
180 This is to try to work around the problem that the Java
181 applet cannot keep an SSL keystore on disk, etc.
182 E.g. if they log into an HTTPS website via password they
183 are authenticated and encrypted, then the website can
184 safely put oneTimeKey=... on the URL. The Vncviewer
185 authenticates the VNC server with this key.
189 Assume there is a proxy.
193 Don't check for a proxy, assume there is none.
197 Automatically trust any cert received from the VNC server
198 (obviously this could be dangerous and lead to man in the
199 middle attack). Do not ask the user to verify any of these
200 certs from the VNC server.
204 Automatically trust any cert that the web browsers has accepted.
205 E.g. the user said "Yes" or "Continue" to a web browser dialog
206 regarding a certificate. If we get the same cert from the VNC
207 server we trust it without prompting the user.
209 TightVNC Java viewer only:
213 "Offer Relogin" set to "No" disables "Login again"
216 string, default: none
217 set Java Socket class factory.
219 UltraVNC Java viewer only:
222 string, default: none
223 VNC session password in plain text.
226 string, default: none
227 VNC session password in encrypted in DES with KNOWN FIXED
228 key. It is a hex string. This is like the ~/.vnc/passwd format.
230 The following are added by x11vnc and/or ssvnc project
233 string, default: none
234 Sets the file transfer "drives" dropdown to the "." separated
235 list. Use "+" for space. The default is
237 My+Documents.Desktop.Home
239 for 3 entries in the dropdown in addition to the "drives"
240 (e.g. C:\) These items should be expanded properly by the VNC
241 Server. x11vnc will prepend $HOME to them, which is normally
242 what one wants. To include a "/" use "_2F_". Another example:
244 Home.Desktop.bin_2F_linux
248 The VNC viewer only shows the filetransfer panel, no desktop
253 As ftpOnly, the VNC viewer only shows the filetransfer panel,
254 no desktop is displayed, however it is "grafted" onto an existing
255 SSVNC unix vncviewer. The special SSVNC vncviewer merges the two
260 Special usage mode with the SSVNC unix vncviewer. The UltraVNC
261 DSM encryption is active. Foolishly, UltraVNC DSM encryption
262 *MODIFIES* the VNC protocol when active (it is not a pure tunnel).
263 This option indicates to modify the VNC protocol to make this work.
264 Usually only used with graftFtp and SSVNC unix vncviewer.
268 This is another special usage mode with the SSVNC unix vncviewer.
269 A login panel is delayed (not shown at startup.) Could be useful
270 for non SSVNC usage too.
274 Similar to delayAuthPanel, do not put up a popup asking for
275 Windows username, etc.