A /tls-secure level option menu is required for freerdp connection. #688

Closed
minizx opened this issue Sep 17, 2020 · 7 comments
@minizx

minizx commented Sep 17, 2020

In a freerdp connection, if the target Windows host is set to reject lower versions of SSL/TLS, the connection fails with the default options.
To connect, the "/tls-seclevel" option of freerdp must be specified, so I would like to have a /tls-seclevel radio button among the default options.
(Currently, adding the option under Other options works, but it's hard for a first-time user to know that right away.)

  • Error message when connecting to a server that only allows TLS1.2 (asbru-cm message window)
    [15:18:56:312] [235334] [ERROR][com]freerdp.core.transport] - transport_ssl_cb: Access denied
    [15:18:56:312] [235334] [ERROR][com]freerdp.core] - transport_ssl_cb:freerd_set_last_error_ex ERRCONNECT_certification_failure [0x000200020009]
    [15:18:56:312] [23534] [ERROR][com]Freerdp.core.transport] - Error 1:4094419:SSL routine:ssl3_read_bytes:tlsv1 Alert access denied on BIO_read

  • Solution
    asbru-cm > Edit Connection
    RDP (xfreerdp) options - Other options: /tls-seclevel:level
    ex) /tls-seclevel:1.3
    /tls-seclevel:1.2
    /tls-seclevel:1.2 -5 -a 16 -k ko -r Sound:local -r clipboard:r disk:rdp_share="/data/rdp_share"

@gfrenoy
Contributor

gfrenoy commented Oct 10, 2020

Thanks for the suggestion, it would indeed be great if we could make the freerdp options easy to modify from the GUI.

Can you help define in a bit more detail what needs to change in the current UI, which is:
image

@minizx
Author

minizx commented Oct 12, 2020

I think we can add it this way.

  • Menu name: TLS security level

  • Optional options
    1 (defaults)
    1.2
    1.3

  • Option added at actual execution (option confirmed with freerdp version 2.2.0)
    In freerdp version 1.x, the option name does not appear to exist.

    TLS 1 (defaults)

    xfreerdp /v:192.168.0.11:3389

    TLS 1.2

    xfreerdp /tls-seclevel:1.2 /v:192.168.0.11:3389

    TLS 1.3

    xfreerdp /tls-seclevel:1.3 /v:192.168.0.11:3389

@mnadesu

mnadesu commented Oct 15, 2020

Hello dear asbru-cm team, I looked around on the Internet because of the Windows RDP problem. I have gotten as far as the Windows login screen, but then the program says that the username or password is wrong. The same username and password have been tested in Remmina, and there it works. I would like to switch from Remmina to asbru. Currently the only obstacle is Windows RDP; otherwise I like it so far. Can you help me here?
Greetings,
Mathi

@gfrenoy
Contributor

gfrenoy commented Oct 16, 2020

@mnadesu Please open a new issue, provide the error messages that you see on your screen.

@gfrenoy
Contributor

gfrenoy commented Oct 17, 2020

  • Optional options
    1 (defaults)
    1.2
    1.3

If I read the freerdp code correctly, this command line parameter is matching the SSL_CTX_set_security_level function of OpenSSL which can take an integer value from 0 to 5.

Are you sure values 1.2 or 1.3 are working as expected? I would believe they are just used as value 1.

@minizx
Author

minizx commented Oct 21, 2020

As you said, only integers seem to be included as options.
The option I set is passed as 1, not 1.1 or 1.2, so it seems to work.

It seems that the menu should be configured so that the option value can be selected from 0 to 5.


I think we can add it this way.

  • Menu name: TLS security level

  • Optional options
    0 (any) # default
    1
    2
    3
    4
    5

  • Option added at actual execution (option confirmed with freerdp version 2.2.0)
    In freerdp version 1.x, the option name does not appear to exist.

    0 (any)

    xfreerdp /v:192.168.0.11:3389

    1 (80 bit)

    xfreerdp /tls-seclevel:1 /v:192.168.0.11:3389

    2 (112 bit)

    xfreerdp /tls-seclevel:2 /v:192.168.0.11:3389

    3 (128 bit)

    xfreerdp /tls-seclevel:3 /v:192.168.0.11:3389

    4 (192 bit)

    xfreerdp /tls-seclevel:4 /v:192.168.0.11:3389

    5 (256 bit)

    xfreerdp /tls-seclevel:5 /v:192.168.0.11:3389
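
Added example (not part of the original thread and not asbru-cm code): a shell sketch of the input check a GUI field for this option needs, so that a value such as "1.2" is rejected instead of silently being used as level 1, as discussed above. The function names are hypothetical; the level labels, the "level 0 passes no option" behaviour and the sample host come from the proposal in this thread.

```shell
#!/bin/sh
# Constructed illustration: validate a TLS security level before it is
# handed to xfreerdp as /tls-seclevel:N.

# Strength label for each level, as listed in the thread.
seclevel_label() {
    case "$1" in
        0) echo "any" ;;
        1) echo "80 bit" ;;
        2) echo "112 bit" ;;
        3) echo "128 bit" ;;
        4) echo "192 bit" ;;
        5) echo "256 bit" ;;
        *) return 1 ;;
    esac
}

# Print the xfreerdp argument for a level. Only a single digit 0-5 is
# accepted; "1.2", "1.3", "12" and the empty string all fail.
tls_seclevel_arg() {
    case "$1" in
        0) ;;                                   # thread's proposal: no option for level 0
        [1-5]) printf '/tls-seclevel:%s\n' "$1" ;;
        *) printf 'invalid TLS security level "%s": expected an integer 0-5\n' "$1" >&2
           return 1 ;;
    esac
}

# Build the full command line for a level and a host:port target.
build_xfreerdp_cmd() {
    _lvl_arg=$(tls_seclevel_arg "$1") || return 1
    printf 'xfreerdp%s /v:%s\n' "${_lvl_arg:+ $_lvl_arg}" "$2"
}

# Demo over constructed inputs: two valid levels and the value from the
# first proposal that looks like a TLS protocol version.
for lvl in 0 2 1.2; do
    if cmd=$(build_xfreerdp_cmd "$lvl" "192.168.0.11:3389"); then
        echo "level $lvl ($(seclevel_label "$lvl")): $cmd"
    else
        echo "level $lvl: rejected"
    fi
done
```

The level is a key-strength floor for the OpenSSL security level, not a TLS protocol version, which is why version-like strings are refused here.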

@gfrenoy
Contributor

gfrenoy commented Nov 9, 2020

This option is now available in the latest loki release. Please give it a try and re-open the issue if it should not work as expected.

@gfrenoy gfrenoy closed this as completed Nov 9, 2020