2.2.1.3.3 Client Security Data (TS_UD_CS_SEC)

The TS_UD_CS_SEC data block contains security-related information used to advertise client cryptographic support. This information is only relevant when Standard RDP Security mechanisms (section 5.3) will be used. See sections 3 and 5.3.2 for a detailed discussion of how this information is used.


Field layout (bits 0 through 31, one 32-bit row per field):

header
encryptionMethods
extEncryptionMethods

header (4 bytes): A GCC user data block header as described in User Data Header (section 2.2.1.3.1). The User Data Header type field MUST be set to CS_SECURITY (0xC002).

encryptionMethods (4 bytes): A 32-bit, unsigned integer. Cryptographic encryption methods supported by the client and used in conjunction with Standard RDP Security. The client MUST specify at least one encryption method, and the server MUST select one of the methods specified by the client. 

| Flag | Value | Meaning |
|---|---|---|
| 40BIT_ENCRYPTION_FLAG | 0x00000001 | 40-bit session keys MUST be used to encrypt data (with RC4) and generate Message Authentication Codes (MAC). |
| 128BIT_ENCRYPTION_FLAG | 0x00000002 | 128-bit session keys MUST be used to encrypt data (with RC4) and generate MACs. |
| 56BIT_ENCRYPTION_FLAG | 0x00000008 | 56-bit session keys MUST be used to encrypt data (with RC4) and generate MACs. |
| FIPS_ENCRYPTION_FLAG | 0x00000010 | All encryption and Message Authentication Code generation routines MUST be Federal Information Processing Standard (FIPS) 140-1 compliant. |

Section 5.3.2 describes how the client and server negotiate the security parameters for a given connection.

extEncryptionMethods (4 bytes): A 32-bit, unsigned integer. This field is used exclusively for the French locale. In French locale clients, encryptionMethods MUST be set to zero and extEncryptionMethods MUST be set to the value to which encryptionMethods would have been set. For non-French locale clients, this field MUST be set to zero.
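
The following parser is an added example, not part of the specification text: it decodes a TS_UD_CS_SEC block and reports deviations from the rules stated above (the block type, at least one method, and the French-locale split between encryptionMethods and extEncryptionMethods). It assumes the User Data Header of section 2.2.1.3.1 is a 16-bit type followed by a 16-bit length and that all fields are little-endian; the name parse_cs_sec, the sample blocks and the flagging of 40-bit and 56-bit keys as weak are the example's own.

```python
import struct

CS_SECURITY = 0xC002
FLAGS = {
    0x00000001: "40BIT_ENCRYPTION_FLAG",
    0x00000002: "128BIT_ENCRYPTION_FLAG",
    0x00000008: "56BIT_ENCRYPTION_FLAG",
    0x00000010: "FIPS_ENCRYPTION_FLAG",
}
WEAK = 0x00000001 | 0x00000008  # 40- and 56-bit keys: the example's judgement, not spec text


def parse_cs_sec(block: bytes) -> dict:
    """Parse one TS_UD_CS_SEC block and list deviations from the rules above."""
    if len(block) < 12:
        raise ValueError("TS_UD_CS_SEC needs 12 bytes, got %d" % len(block))
    # Assumption: header = type (u16) + length (u16), little-endian (section 2.2.1.3.1).
    blk_type, blk_len, methods, ext = struct.unpack_from("<HHII", block)
    if blk_type != CS_SECURITY:
        raise ValueError("not CS_SECURITY: type 0x%04X" % blk_type)
    findings = []
    if blk_len != 12:
        findings.append("header length %d, expected 12" % blk_len)
    if methods and ext:
        findings.append("encryptionMethods and extEncryptionMethods both non-zero")
    effective = methods or ext  # French-locale clients carry the value in ext
    if effective == 0:
        findings.append("no encryption method offered")
    unknown = effective & ~sum(FLAGS)  # sum of the dict keys = mask of defined bits
    if unknown:
        findings.append("undefined flag bits 0x%08X" % unknown)
    if effective & WEAK:
        findings.append("offers 40-bit or 56-bit RC4 keys")
    return {
        "methods": [name for bit, name in FLAGS.items() if effective & bit],
        "french_locale_encoding": methods == 0 and ext != 0,
        "findings": findings,
    }


# Constructed sample blocks (not captured traffic).
SAMPLE_ALL = bytes.fromhex("02c00c00" "1b000000" "00000000")
SAMPLE_FRENCH = bytes.fromhex("02c00c00" "00000000" "02000000")

if __name__ == "__main__":
    for sample in (SAMPLE_ALL, SAMPLE_FRENCH):
        print(parse_cs_sec(sample))
```
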