Skip to main content
Version: v41

Supported RDP Algorithms

This guide describes the supported TLS cipher suites for connections from RDP clients to PrivX RDP Bastion. You can configure the allowed cipher suites in /opt/privx/etc/rdpmitm/rdpproxy.ini.

By default, RDP Bastion allows the following TLS cipher suites for TLS 1.3:

  • TLS_AES_256_GCM_SHA384
  • TLS_AES_128_GCM_SHA256

And the following up to TLS 1.2:

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA256

The cipher suite for connecting from RDP Bastion to the target host depends on the algorithms offered by the target host.