Quoth ori@eigenstate.org: > Quoth unobe@cpan.org: […] > > I don't know if it's appropriate to mention in the man page that the > > connection to OS X cannot be encrypted, so tunneling w/ssh is advised. […] > It's worth mentioning that vnc auth in general is > a joke, and some other mechanism, like sshnet, > should be used for encryption. Attached is a patch (git/import) that incorporates the modification to vnc/auth.c enabling connections to Darwin hosts, as well as the suggestions made to improve /sys/man/1/vnc. Here is the inline version: From: Igor Böhm Date: Sat, 25 Sep 2021 20:40:47 +0000 Subject: [PATCH] vncv: enable connecting to Darwin hosts Tested on MacOS Catalina and Big Sur releases. Update man page to highlight weak encryption of vnc, recommending to tunnel via ssh (thanks unobe). --- diff 235ef367d793db705b1b4ef20913c697eccd13a6 8abecdeed7f761e5a502bd1500ebbf2bc4962b43 --- a/sys/man/1/vnc Sat Sep 25 18:57:58 2021 +++ b/sys/man/1/vnc Sat Sep 25 22:40:47 2021 @@ -201,9 +201,12 @@ If the remote frame buffer is larger than the local screen, only the upper left corner can be accessed. .PP +.I Vncs +and +.I vncv +encryption is not secure. It's advisable to tunnel through +ssh or some other secure protocol. +.PP .I Vncv does no verification of the TLS certificate presented by the server. -.PP -.I Vncv -supports only version 3.3 of the RFB protocol. --- a/sys/src/cmd/vnc/auth.c Sat Sep 25 18:57:58 2021 +++ b/sys/src/cmd/vnc/auth.c Sat Sep 25 22:40:47 2021 @@ -33,6 +33,8 @@ v->vers = 37; else if(strncmp(msg, "RFB 003.008\n", VerLen) == 0) v->vers = 38; + else if(strncmp(msg, "RFB 003.889\n", VerLen) == 0) + v->vers = 38; /* Darwin */ else /* RFC6143: Any other should be treated as 3.3. */ v->vers = 33; Cheers, Igor