Secure VNC with SSL problem



I am trying to secure access to my vncserver using SSL. It looks like the
following one is the only and the de facto tutorial on the web:

http://www-128.ibm.com/developerworks/linux/library/l-sslvnc.html?ca=dgr-lnxw16SSLVNC

When I follow the steps and try to connect to the java-applet I
receive "Status: Connected to server" but it does not show my desktop,
all I get is a blank screen.

I opened the java-terminal and I see the following error:

"security: JSS package is not found
security: JSS is not configured
....
HttpURLConnection: Connection reset"

When I check the VNC errors I see the following:

"28/03/08 16:12:55 Got connection from client 0.0.0.0
28/03/08 16:12:55 Protocol version 3.3
28/03/08 16:13:25 rfbAuthProcessClientMessage: read: Connection reset
by peer
28/03/08 16:13:25 Client 0.0.0.0 gone
28/03/08 16:13:25 Statistics:
28/03/08 16:13:25 framebuffer updates 0, rectangles 0, bytes 0
28/03/08 16:13:55 httpd: get 'check.https.proxy.connection' for
0.0.0.0
28/03/08 16:13:55 httpProcessInput: open: No such file or directory
28/03/08 16:13:56 httpProcessInput: read: Connection reset by peer
28/03/08 16:13:56 httpProcessInput: read: Connection reset by peer"

SYSLOG gives:

Mar 28 16:13:56 cellular12 stunnel[19516]: SSL_accept: error:
1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
Mar 28 16:13:57 cellular12 stunnel[19516]: 5801 connected from
74.62.18.62:30370
Mar 28 16:14:05 cellular12 stunnel[19516]: Connection closed: 106
bytes sent to SSL, 599 bytes sent to socket

It is as if I were trying to reach an HTTPS site using HTTP. Do you have
any idea what I might be doing wrong?


-------------------------------------------------------------------------------------------------------
Detailed steps and logs are as follows:
- Started server: vncserver :5
- Created certificate: stunnel.pem
- Started stunnel: sudo stunnel -d 5835 -r 5801

SYSLOG
=============================
Mar 28 14:32:47 cellular12 stunnel[18994]: Using '5801' as tcpwrapper
service name
Mar 28 14:32:47 cellular12 stunnel[18994]: stunnel 3.26 on i486-pc-
linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.8e 23 Feb 2007
Mar 28 14:32:47 cellular12 stunnel[18995]: FD_SETSIZE=1024, file
ulimit=1024 -> 500 clients allowed
Mar 28 15:03:08 cellular12 stunnel[19401]: Using '5801' as tcpwrapper
service name
Mar 28 15:03:08 cellular12 stunnel[19401]: stunnel 3.26 on i486-pc-
linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.8e 23 Feb 2007
Mar 28 15:03:08 cellular12 stunnel[19402]: FD_SETSIZE=1024, file
ulimit=1024 -> 500 clients allowed
Mar 28 15:03:46 cellular12 stunnel[19402]: 5801 connected from
74.62.18.62:34050
Mar 28 15:03:46 cellular12 stunnel[19402]: 5801 connected from
74.62.18.62:34053
Mar 28 15:03:46 cellular12 stunnel[19402]: SSL_accept: error:
1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
Mar 28 15:03:47 cellular12 stunnel[19402]: 5801 connected from
74.62.18.62:34059
Mar 28 15:03:47 cellular12 stunnel[19402]: SSL_accept: error:
1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
Mar 28 15:03:47 cellular12 stunnel[19402]: 5801 connected from
74.62.18.62:34066
Mar 28 15:03:56 cellular12 stunnel[19402]: Connection closed: 106
bytes sent to SSL, 599 bytes sent to socket
Mar 28 15:04:47 cellular12 stunnel[19402]: Connection closed: 0 bytes
sent to SSL, 0 bytes sent to socket
Mar 28 15:05:04 cellular12 stunnel[19402]: 5801 connected from
74.62.18.62:35415
Mar 28 15:05:04 cellular12 stunnel[19402]: remote connect: Connection
refused (111)
Mar 28 15:05:04 cellular12 stunnel[19402]: Failed to initialize remote
file descriptor
M

Downloaded x11vnc-0.9.3.tar.gz. Unpacked and copied the files
"SignedVncViewer.jar" and "VncViewer.jar" under class/ssl to a
directory (secure_vnc) accessible by the webserver. Created an
index.html file with the following content:

<html>
<body>
<applet code="VncViewer.class" archive="VncViewer.jar" width="800"
height="600">
<param name="PORT" value="5835" />
<param name="HOST" value="MY HOST NAME" />
<param name="Open New Window" value="no" />
<!-- the following helps in Opera:
<param name="Cursor shape updates" value="Disable" />
-->
</applet>
</body>
</html>

And I accessed it via
http://MY HOST NAME/secure_vnc
or
https://MY HOST NAME/secure_vnc

and I always get the above error.
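
Added example, not part of the original post: a small triage script for stunnel syslog output like the above. It re-joins the mail-wrapped entries and counts the conditions visible in these logs; the rule labels and function names are made up for this illustration.

```python
import re
from collections import Counter

# Excerpt of the stunnel syslog lines from the post, mail wrapping left in.
SAMPLE = """\
Mar 28 15:03:46 cellular12 stunnel[19402]: 5801 connected from
74.62.18.62:34053
Mar 28 15:03:46 cellular12 stunnel[19402]: SSL_accept: error:
1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
Mar 28 15:03:56 cellular12 stunnel[19402]: Connection closed: 106
bytes sent to SSL, 599 bytes sent to socket
Mar 28 15:04:47 cellular12 stunnel[19402]: Connection closed: 0 bytes
sent to SSL, 0 bytes sent to socket
Mar 28 15:05:04 cellular12 stunnel[19402]: remote connect: Connection
refused (111)
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
ENTRY = re.compile(r"stunnel\[\d+\]: (.*)$")                   # message part

# Hypothetical labels; the first matching rule wins.
RULES = [
    # OpenSSL reason "http request": the peer's first bytes were a plaintext
    # HTTP request, not a TLS ClientHello.
    ("plain_http_on_tls_port",
     re.compile(r"SSL_accept: error:\s*\w+:SSL routines:\w+:http request")),
    # stunnel could not open the TCP connection to its -r target.
    ("backend_refused", re.compile(r"remote connect: Connection refused")),
    # A TLS session was established and carried application data.
    ("tunnel_carried_data",
     re.compile(r"Connection closed: [1-9]\d* bytes sent to SSL")),
    ("client_connected", re.compile(r"connected from \d+\.\d+\.\d+\.\d+:\d+")),
]

def unwrap(text):
    """Re-join entries that were wrapped onto a second line."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def triage(text):
    """Count how many log entries fall under each rule."""
    counts = Counter()
    for entry in unwrap(text):
        m = ENTRY.search(entry)
        label = next((l for l, p in RULES if m and p.search(m.group(1))), None)
        if label:
            counts[label] += 1
    return counts
```

Entries that match no rule, such as the zero-byte "Connection closed" line, are left uncounted.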