2.2.1.4.3 Server Security Data (TS_UD_SC_SEC1)
The TS_UD_SC_SEC1 data block returns negotiated security-related information to the client. See section 5.3.2 for a detailed discussion of how this information is used.
| Field | Size (bytes) |
|---|---|
| header | 4 |
| encryptionMethod | 4 |
| encryptionLevel | 4 |
| serverRandomLen (optional) | 4 |
| serverCertLen (optional) | 4 |
| serverRandom (variable) | serverRandomLen |
| serverCertificate (variable) | serverCertLen |
header (4 bytes): A GCC user data block header, as specified in User Data Header (section 2.2.1.3.1). The User Data Header type field MUST be set to SC_SECURITY (0x0C02).
encryptionMethod (4 bytes): A 32-bit, unsigned integer. The selected cryptographic method to use for the session. When Enhanced RDP Security (section 5.4) is being used, this field MUST be set to ENCRYPTION_METHOD_NONE (0).
| Name | Value | Meaning |
|---|---|---|
| ENCRYPTION_METHOD_NONE | 0x00000000 | No encryption or Message Authentication Codes (MACs) will be used. |
| ENCRYPTION_METHOD_40BIT | 0x00000001 | 40-bit session keys will be used to encrypt data (with RC4) and generate MACs. |
| ENCRYPTION_METHOD_128BIT | 0x00000002 | 128-bit session keys will be used to encrypt data (with RC4) and generate MACs. |
| ENCRYPTION_METHOD_56BIT | 0x00000008 | 56-bit session keys will be used to encrypt data (with RC4) and generate MACs. |
| ENCRYPTION_METHOD_FIPS | 0x00000010 | All encryption and Message Authentication Code generation routines will be FIPS 140-1 compliant. |
encryptionLevel (4 bytes): A 32-bit, unsigned integer that describes the encryption behavior to use for the session. When Enhanced RDP Security (section 5.4) is being used, this field MUST be set to ENCRYPTION_LEVEL_NONE (0).
| Name | Value |
|---|---|
| ENCRYPTION_LEVEL_NONE | 0x00000000 |
| ENCRYPTION_LEVEL_LOW | 0x00000001 |
| ENCRYPTION_LEVEL_CLIENT_COMPATIBLE | 0x00000002 |
| ENCRYPTION_LEVEL_HIGH | 0x00000003 |
| ENCRYPTION_LEVEL_FIPS | 0x00000004 |
See section 5.3.1 for a description of each of the low, client-compatible, high, and FIPS encryption levels.
serverRandomLen (4 bytes): An optional 32-bit, unsigned integer that specifies the size in bytes of the serverRandom field. If the encryptionMethod and encryptionLevel fields are both set to zero, then this field MUST NOT be present and the length of the serverRandom field MUST be zero. If either the encryptionMethod or encryptionLevel field is non-zero, this field MUST be set to 0x00000020.
serverCertLen (4 bytes): An optional 32-bit, unsigned integer that specifies the size in bytes of the serverCertificate field. If the encryptionMethod and encryptionLevel fields are both set to zero, then this field MUST NOT be present and the length of the serverCertificate field MUST be zero.
serverRandom (variable): The variable-length server random value used to derive session keys (sections 5.3.4 and 5.3.5). The length in bytes is given by the serverRandomLen field. If the encryptionMethod and encryptionLevel fields are both set to zero, then this field MUST NOT be present.
serverCertificate (variable): The variable-length certificate containing the server's public key information. The length in bytes is given by the serverCertLen field. If the encryptionMethod and encryptionLevel fields are both set to zero, then this field MUST NOT be present.
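The following parser is an added example, not code from the protocol specification or from any RDP implementation. It decodes a TS_UD_SC_SEC1 block the way a defensive client would: it checks the header type, rejects unknown encryptionMethod and encryptionLevel values, refuses the optional fields when both are zero, enforces serverRandomLen == 0x20 otherwise, and verifies that the header length exactly covers serverRandom and serverCertificate before slicing them, so a malformed length cannot cause an over-read. It assumes the User Data Header layout from section 2.2.1.3.1 (a 16-bit type followed by a 16-bit length that includes the 4-byte header), and that all integers are little-endian as elsewhere in RDP. The sample blocks, the server random bytes and the certificate bytes are constructed for the example; the certificate is a placeholder, not a real RDP server certificate.

```python
import struct
from dataclasses import dataclass
from typing import Optional

SC_SECURITY = 0x0C02          # User Data Header type for TS_UD_SC_SEC1
SERVER_RANDOM_LEN = 0x20      # required serverRandomLen when Standard RDP Security is used
FIXED_PART_LEN = 12           # header (4) + encryptionMethod (4) + encryptionLevel (4)
OPTIONAL_LEN_FIELDS = 8       # serverRandomLen (4) + serverCertLen (4)

ENCRYPTION_METHODS = {0x00: "NONE", 0x01: "40BIT", 0x02: "128BIT", 0x08: "56BIT", 0x10: "FIPS"}
ENCRYPTION_LEVELS = {0: "NONE", 1: "LOW", 2: "CLIENT_COMPATIBLE", 3: "HIGH", 4: "FIPS"}


class ServerSecurityDataError(ValueError):
    """Raised when a TS_UD_SC_SEC1 block violates the rules in section 2.2.1.4.3."""


@dataclass
class ServerSecurityData:
    encryption_method: int
    encryption_level: int
    server_random: bytes
    server_certificate: bytes


def parse_server_security_data(buf: bytes) -> ServerSecurityData:
    """Parse one TS_UD_SC_SEC1 block, validating every length before touching the payload."""
    if len(buf) < FIXED_PART_LEN:
        raise ServerSecurityDataError("block shorter than header + encryptionMethod + encryptionLevel")
    # User Data Header (assumed layout from 2.2.1.3.1): type u16, length u16 incl. the header
    block_type, block_len = struct.unpack_from("<HH", buf, 0)
    if block_type != SC_SECURITY:
        raise ServerSecurityDataError(f"unexpected user data type 0x{block_type:04X}")
    if block_len < FIXED_PART_LEN or block_len > len(buf):
        raise ServerSecurityDataError("header length does not fit the supplied buffer")
    method, level = struct.unpack_from("<II", buf, 4)
    if method not in ENCRYPTION_METHODS:
        raise ServerSecurityDataError(f"unknown encryptionMethod 0x{method:08X}")
    if level not in ENCRYPTION_LEVELS:
        raise ServerSecurityDataError(f"unknown encryptionLevel 0x{level:08X}")
    if method == 0 and level == 0:
        # Enhanced RDP Security: the optional fields MUST NOT be present.
        if block_len != FIXED_PART_LEN:
            raise ServerSecurityDataError("optional fields present although method and level are zero")
        return ServerSecurityData(method, level, b"", b"")
    # Standard RDP Security: serverRandomLen and serverCertLen are mandatory.
    if block_len < FIXED_PART_LEN + OPTIONAL_LEN_FIELDS:
        raise ServerSecurityDataError("block too short for serverRandomLen and serverCertLen")
    random_len, cert_len = struct.unpack_from("<II", buf, FIXED_PART_LEN)
    if random_len != SERVER_RANDOM_LEN:
        raise ServerSecurityDataError(f"serverRandomLen must be 0x20, got 0x{random_len:X}")
    # Exact-size check: the declared lengths must account for the whole block, nothing more.
    if FIXED_PART_LEN + OPTIONAL_LEN_FIELDS + random_len + cert_len != block_len:
        raise ServerSecurityDataError("serverRandomLen/serverCertLen inconsistent with header length")
    start = FIXED_PART_LEN + OPTIONAL_LEN_FIELDS
    server_random = buf[start:start + random_len]
    server_certificate = buf[start + random_len:start + random_len + cert_len]
    return ServerSecurityData(method, level, server_random, server_certificate)


def build_server_security_data(method: int, level: int,
                               server_random: bytes = b"",
                               server_certificate: bytes = b"") -> bytes:
    """Encode a TS_UD_SC_SEC1 block (used here only to construct test inputs)."""
    body = struct.pack("<II", method, level)
    if method != 0 or level != 0:
        body += struct.pack("<II", len(server_random), len(server_certificate))
        body += server_random + server_certificate
    return struct.pack("<HH", SC_SECURITY, 4 + len(body)) + body


def rejection_reason(buf: bytes) -> Optional[str]:
    """Return the validation error for buf, or None if it parses cleanly."""
    try:
        parse_server_security_data(buf)
        return None
    except ServerSecurityDataError as exc:
        return str(exc)


# Constructed sample inputs (not captured from a real server).
SAMPLE_SERVER_RANDOM = bytes(range(32))                 # 32 deterministic bytes, constructed
PLACEHOLDER_CERT = b"PLACEHOLDER-CERT"                  # stands in for serverCertificate
ENHANCED_SECURITY_BLOCK = build_server_security_data(0x00, 0x00)
STANDARD_SECURITY_BLOCK = build_server_security_data(0x02, 0x03, SAMPLE_SERVER_RANDOM, PLACEHOLDER_CERT)

if __name__ == "__main__":
    print(parse_server_security_data(ENHANCED_SECURITY_BLOCK))
    print(parse_server_security_data(STANDARD_SECURITY_BLOCK))
    print(rejection_reason(STANDARD_SECURITY_BLOCK[:-4]))   # truncated block is rejected
```

The exact-length check is the part worth copying: the serverRandom and serverCertificate slices are only taken after the sum of the declared lengths has been reconciled with the header length, so a server that sends a large serverCertLen with a short block is rejected before any slice is computed rather than silently producing a short or empty certificate.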