WIN2K3 SP1 New Feature - RDP over SSL
Remote Desktop Protocol (RDP) in Windows Server 2003 provides data encryption, but it does not provide authentication to verify the identity of the terminal server. Service Pack 1 for Windows Server 2003 brings a nice new feature: Transport Layer Security (TLS) 1.0 for server authentication and for encrypting terminal server communication. TLS is the latest and most secure version of the Secure Sockets Layer (SSL) protocol. The difference is that TLS 1.0 applies the Keyed-Hashing for Message Authentication Code (HMAC) algorithm, whereas SSL 3.0 applies a Message Authentication Code (MAC) algorithm. The difference between HMAC and MAC is that HMAC produces an integrity check value with a hash function construction that makes the hash much harder to break.
How to enable RDP over SSL?
On server:
- The terminal server must run Windows Server 2003 SP1
- You must obtain a certificate for the terminal server (Server Authentication)
- Enable RDP over SSL (see picture below). You can force the use of SSL by selecting SSL from the drop-down menu, or only offer SSL as an option by selecting Negotiate.

On client:
- Clients must run Windows 2000 or XP
- Clients must be upgraded to the RDP 5.2 client (Windows Server 2003 SP1)
- Clients must trust the root of the server's certificate
- Configure the RDP client for SSL usage (see picture below)
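As an added example (not part of the original post, and not Microsoft's own tooling), the PowerShell check below reads back what the server-side steps should have produced: the listener's SecurityLayer value (0 = RDP Security Layer, 1 = Negotiate, 2 = SSL, the same choices as the drop-down) and whether a Server Authentication certificate with a private key is present and chains to a trusted root, which is the same rule a client applies before accepting the server. It assumes a PowerShell-capable host with the default RDP-Tcp listener; the function name and the verdict strings are this example's own.

```powershell
# Added example (not from the original post): audit the server-side settings
# the post describes, on a PowerShell-capable Windows host. The registry path,
# the SecurityLayer values and the Server Authentication EKU OID are standard;
# the function name and the verdict texts are this example's own.

function Test-RdpTlsConfiguration {
    # Per-listener settings for the default RDP-Tcp listener.
    $listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $props    = Get-ItemProperty -Path $listener

    # SecurityLayer mirrors the drop-down in Terminal Services Configuration:
    # 0 = RDP Security Layer (no server authentication), 1 = Negotiate, 2 = SSL (TLS 1.0).
    $layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }
    $layer      = [int]$props.SecurityLayer   # a missing value reads as 0

    # Find certificates usable for Server Authentication (EKU 1.3.6.1.5.5.7.3.1)
    # in the computer's personal store; the listener needs one with a private key.
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'
    $candidates = Get-ChildItem -Path 'Cert:\LocalMachine\My' | Where-Object {
        $eku = $_.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $_.HasPrivateKey -and $eku -and
        ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })
    }

    # A client only accepts the certificate if it chains to a root it trusts.
    # Building the chain here gives the verdict a client on this machine would reach.
    $certReports = foreach ($cert in $candidates) {
        $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chainOk = $chain.Build($cert)
        $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        New-Object PSObject -Property @{
            Subject     = $cert.Subject
            Thumbprint  = $cert.Thumbprint
            NotAfter    = $cert.NotAfter
            ChainValid  = $chainOk
            ChainStatus = $status
        }
    }

    $verdict =
        if ($layer -eq 2 -and $certReports) { 'TLS enforced: every client authenticates the server' }
        elseif ($layer -eq 1 -and $certReports) { 'TLS offered: clients without TLS support still connect without server authentication' }
        elseif ($layer -ge 1) { 'TLS selected but no usable Server Authentication certificate was found' }
        else { 'RDP Security Layer only: clients cannot verify the server identity' }

    New-Object PSObject -Property @{
        SecurityLayer      = $layer
        SecurityLayerName  = $layerNames[$layer]
        MinEncryptionLevel = $props.MinEncryptionLevel
        Certificates       = $certReports
        Verdict            = $verdict
    }
}

# Run the audit and show the summary; expand Certificates for per-certificate chain results.
$result = Test-RdpTlsConfiguration
$result | Format-List SecurityLayer, SecurityLayerName, MinEncryptionLevel, Verdict
$result.Certificates | Format-Table Subject, NotAfter, ChainValid, ChainStatus -AutoSize
```

Negotiate (1) keeps the old RDP security layer available for clients that cannot do TLS, so only the SSL (2) setting guarantees that every session authenticates the server. The chain check reproduces the client-side requirement from the list above: a certificate whose root is not trusted fails with an UntrustedRoot status, and such clients will refuse or warn on the connection even though the server side is configured.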

That's all ;-)