From 0057a0d59006d00c294de0b012d9a290eb1a5c80 Mon Sep 17 00:00:00 2001 From: Tim Hardeck Date: Tue, 23 Apr 2013 16:33:01 +0200 Subject: TLS support for VNC Websockets Added TLS support to the VNC QEMU Websockets implementation. VNC-TLS needs to be enabled for this feature to be used. The required certificates are specified as in case of VNC-TLS with the VNC parameter "x509=". If the server certificate isn't signed by a rooth authority it needs to be manually imported in the browser because at least in case of Firefox and Chrome there is no user dialog, the connection just gets canceled. As a side note VEncrypt over Websocket doesn't work atm because TLS can't be stacked in the current implementation. (It also didn't work before) Nevertheless to my knowledge there is no HTML 5 VNC client which supports it and the Websocket connection can be encrypted with regular TLS now so it should be fine for most use cases. Signed-off-by: Tim Hardeck Reviewed-by: Anthony Liguori Message-id: 1366727581-5772-1-git-send-email-thardeck@suse.de Signed-off-by: Anthony Liguori --- qemu-options.hx | 2 ++ 1 file changed, 2 insertions(+) (limited to 'qemu-options.hx') diff --git a/qemu-options.hx b/qemu-options.hx index e86cc2439d..fb62b75ccb 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -1127,6 +1127,8 @@ By definition the Websocket port is 5700+@var{display}. If @var{host} is specified connections will only be allowed from this host. As an alternative the Websocket port could be specified by using @code{websocket}=@var{port}. +TLS encryption for the Websocket connection is supported if the required +certificates are specified with the VNC option @option{x509}. @item password -- cgit v1.2.1