Secure VNC with SSL problem

I am trying secure access to my vncserver using SSL. Looks like the
following one is the only and the de-facto tutorial on the web:

http://www-128.ibm.com/developerwork...r-lnxw16SSLVNC

When I follow the steps and try to connect to the java-applet I
receive "Status: Connected to server" but it does not show my desktop,
all I get is a blank screen.

I opened the java-terminal and I see the following error:

"security: JSS package is not found
security: JSS is not configured
....
HttpURLConnection: Connection reset"

When I check the VNC errors I see the following:

"28/03/08 16:12:55 Got connection from client 0.0.0.0
28/03/08 16:12:55 Protocol version 3.3
28/03/08 16:13:25 rfbAuthProcessClientMessage: read: Connection reset
by peer
28/03/08 16:13:25 Client 0.0.0.0 gone
28/03/08 16:13:25 Statistics:
28/03/08 16:13:25 framebuffer updates 0, rectangles 0, bytes 0
28/03/08 16:13:55 httpd: get 'check.https.proxy.connection' for
0.0.0.0
28/03/08 16:13:55 httpProcessInput: open: No such file or directory
28/03/08 16:13:56 httpProcessInput: read: Connection reset by peer
28/03/08 16:13:56 httpProcessInput: read: Connection reset by peer"

SYSLOG gives:

r 28 16:13:56 cellular12 stunnel[19516]: SSL_accept: error:
1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
Mar 28 16:13:57 cellular12 stunnel[19516]: 5801 connected from
74.62.18.62:30370
Mar 28 16:14:05 cellular12 stunnel[19516]: Connection closed: 106
bytes sent to SSL, 599 bytes sent to socket

It is as if trying to reach to an HTTPS site using HTTP. Do you have
any idea what I might be doing wrong?


-------------------------------------------------------------------------------------------------------
Detailed steps and logs are as follows:
- Started server: vncserver :5
- Created certificate: stunnel.pem
- Started stunnel: sudo stunnel -d 5835 -r 5801

SYSLOG
=============================
Mar 28 14:32:47 cellular12 stunnel[18994]: Using '5801' as tcpwrapper
service name
Mar 28 14:32:47 cellular12 stunnel[18994]: stunnel 3.26 on i486-pc-
linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.8e 23 Feb 2007
Mar 28 14:32:47 cellular12 stunnel[18995]: FD_SETSIZE=1024, file
ulimit=1024 -> 500 clients allowed
Mar 28 15:03:08 cellular12 stunnel[19401]: Using '5801' as tcpwrapper
service name
Mar 28 15:03:08 cellular12 stunnel[19401]: stunnel 3.26 on i486-pc-
linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.8e 23 Feb 2007
Mar 28 15:03:08 cellular12 stunnel[19402]: FD_SETSIZE=1024, file
ulimit=1024 -> 500 clients allowed
Mar 28 15:03:46 cellular12 stunnel[19402]: 5801 connected from
74.62.18.62:34050
Mar 28 15:03:46 cellular12 stunnel[19402]: 5801 connected from
74.62.18.62:34053
Mar 28 15:03:46 cellular12 stunnel[19402]: SSL_accept: error:
1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
Mar 28 15:03:47 cellular12 stunnel[19402]: 5801 connected from
74.62.18.62:34059
Mar 28 15:03:47 cellular12 stunnel[19402]: SSL_accept: error:
1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
Mar 28 15:03:47 cellular12 stunnel[19402]: 5801 connected from
74.62.18.62:34066
Mar 28 15:03:56 cellular12 stunnel[19402]: Connection closed: 106
bytes sent to SSL, 599 bytes sent to socket
Mar 28 15:04:47 cellular12 stunnel[19402]: Connection closed: 0 bytes
sent to SSL, 0 bytes sent to socket
Mar 28 15:05:04 cellular12 stunnel[19402]: 5801 connected from
74.62.18.62:35415
Mar 28 15:05:04 cellular12 stunnel[19402]: remote connect: Connection
refused (111)
Mar 28 15:05:04 cellular12 stunnel[19402]: Failed to initialize remote
file descriptor
M

Downloaded x11vnc-0.9.3.tar.gz. Unpacked and copied the files
"SignedVncViewer.jar" and "VncViewer.jar" under class/ssl to a
directory (secure_vnc) accessible by the webserver. Created an
index.html file with the following content:

<html>
<body>
<applet code="VncViewer.class" archive="VncViewer.jar" width="800"
height="600">
<param name="PORT" value="5835" />
<param name="HOST" value="MY HOST NAME" />
<param name="Open New Window" value="no" />
<!-- the following helps in Opera:
<param name="Cursor shape updates" value="Disable" />
-->
</applet>
</body>
</html>

And I accessed it via
http://MY HOST NAME/secure_vnc
or
https://MY HOST NAME/secure_vnc

and I always get the above error.

On Fri, 28 Mar 2008 17:17:25 -0700 (PDT), Salih <Salih.ML@gmail.com>
wrote:


>When I follow the steps and try to connect to the java-applet I
>receive "Status: Connected to server" but it does not show my desktop,
>all I get is a blank screen.

I've NEVER gotten access via http. IMO it is doubtful that you'll
ever get access via http. Instead run a vnc viewer.

If you do make http work, please post your solution. I suspect many
would want to read it.
--
buck

On 2008-03-31, buck <buck@private.mil> wrote:

> On Fri, 28 Mar 2008 17:17:25 -0700 (PDT), Salih <Salih.ML@gmail.com>
> wrote:
>
>>When I follow the steps and try to connect to the java-applet I
>>receive "Status: Connected to server" but it does not show my desktop,
>>all I get is a blank screen.

> I've NEVER gotten access via http. IMO it is doubtful that you'll
> ever get access via http. Instead run a vnc viewer.
>
> If you do make http work, please post your solution. I suspect many
> would want to read it.

It works for me, but my experience is that the java client is slower
than the stand-alone client, and you lose more screen real estate
running inside a browser with all its buttons and menus and such like.

--

John (john@os2.dhs.org)

On Mar 31, 8:01 pm, John Thompson <j...@vector.os2.dhs.org> wrote:
> It works for me, but my experience is that the java client is slower
> than the stand-alone client, and you lose more screen real estate
> running inside a browser with all its buttons and menus and such like.

For some java applet vncviewers (e.g. the one the OP is using) it is
not so bad and you can set this in the applet launcher html:

<param name="Open New Window" value="yes" />

to have it open a new window so that it does not run cramped inside
a browser window.