2.2.1.1.1 RDP Negotiation Request (RDP_NEG_REQ)
The RDP Negotiation Request structure is used by a client to advertise the security protocols which it supports.
| Bits | Field |
|---|---|
| 0-7 | type |
| 8-15 | flags |
| 16-31 | length |
| 32-63 | requestedProtocols |

type (1 byte): An 8-bit, unsigned integer that indicates the packet type. This field MUST be set to 0x01 (TYPE_RDP_NEG_REQ).
flags (1 byte): An 8-bit, unsigned integer that contains protocol flags.

| Flag | Meaning |
|---|---|
| RESTRICTED_ADMIN_MODE_REQUIRED 0x01 | Indicates that the client requires credential-less logon over CredSSP (also known as "restricted admin mode"). If the server supports this mode then it is acceptable for the client to send empty credentials in the TSPasswordCreds structure defined in [MS-CSSP] section 2.2.1.2.1.<2> |
| REDIRECTED_AUTHENTICATION_MODE_REQUIRED 0x02 | Indicates that the client requires credential-less logon over CredSSP with redirected authentication over CredSSP (also known as "Remote Credential Guard"). If the server supports this mode, the client can send a redirected logon buffer in the TSRemoteGuardCreds structure defined in [MS-CSSP] section 2.2.1.2.3. |
| CORRELATION_INFO_PRESENT 0x08 | The optional rdpCorrelationInfo field of the 224 Connection Request PDU (section 2.2.1.1) is present. |

length (2 bytes): A 16-bit, unsigned integer that specifies the packet size. This field MUST be set to 0x0008 (8 bytes).
requestedProtocols (4 bytes): A 32-bit, unsigned integer that contains flags indicating the supported security protocols.

| Flag | Meaning |
|---|---|
| PROTOCOL_RDP 0x00000000 | Standard RDP Security (section 5.3). |
| PROTOCOL_SSL 0x00000001 | TLS 1.0, 1.1, or 1.2 (section 5.4.5.1). |
| PROTOCOL_HYBRID 0x00000002 | Credential Security Support Provider protocol (CredSSP) (section 5.4.5.2). If this flag is set, then the PROTOCOL_SSL (0x00000001) flag SHOULD also be set because Transport Layer Security (TLS) is a subset of CredSSP. |
| PROTOCOL_RDSTLS 0x00000004 | RDSTLS protocol (section 5.4.5.3). |
| PROTOCOL_HYBRID_EX 0x00000008 | Credential Security Support Provider protocol (CredSSP) (section 5.4.5.2) coupled with the Early User Authorization Result PDU (section 2.2.10.2). If this flag is set, then the PROTOCOL_HYBRID (0x00000002) flag SHOULD also be set. For more information on the sequencing of the CredSSP messages and the Early User Authorization Result PDU, see sections 5.4.2.1 and 5.4.2.2. |
| PROTOCOL_RDSAAD 0x00000010 | RDS-AAD-Auth Security (section 5.4.5.4). |
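
Added example (not part of the specification text): a Python parser that decodes the 8-byte structure described above, enforces the two MUST constraints on type and length, and reports violations of the SHOULD relationships between PROTOCOL_HYBRID_EX, PROTOCOL_HYBRID and PROTOCOL_SSL as warnings. Little-endian byte order is an assumption taken from the wider protocol rather than from this section; the function names and sample bytes are constructed for illustration.

```python
import struct

TYPE_RDP_NEG_REQ = 0x01
NEG_FLAGS = {0x01: "RESTRICTED_ADMIN_MODE_REQUIRED",
             0x02: "REDIRECTED_AUTHENTICATION_MODE_REQUIRED",
             0x08: "CORRELATION_INFO_PRESENT"}
PROTOCOLS = {0x01: "PROTOCOL_SSL", 0x02: "PROTOCOL_HYBRID",
             0x04: "PROTOCOL_RDSTLS", 0x08: "PROTOCOL_HYBRID_EX",
             0x10: "PROTOCOL_RDSAAD"}


def _names(value, table):
    """Return the known flag names set in value, plus any undefined bits in hex."""
    names = [name for bit, name in table.items() if value & bit]
    unknown = value & ~sum(table)  # sum(table) is the mask of all defined bits
    if unknown:
        names.append(f"UNKNOWN(0x{unknown:X})")
    return names


def parse_rdp_neg_req(data):
    """Decode an RDP_NEG_REQ; raise ValueError when a MUST constraint fails."""
    if len(data) != 8:
        raise ValueError(f"RDP_NEG_REQ is 8 bytes, got {len(data)}")
    # Assumption: multi-byte fields are little-endian (not stated in this section).
    pkt_type, flags, length, requested = struct.unpack("<BBHI", data)
    if pkt_type != TYPE_RDP_NEG_REQ:
        raise ValueError(f"type MUST be 0x01, got 0x{pkt_type:02X}")
    if length != 0x0008:
        raise ValueError(f"length MUST be 0x0008, got 0x{length:04X}")
    warnings = []
    if requested & 0x02 and not requested & 0x01:
        warnings.append("PROTOCOL_HYBRID set without PROTOCOL_SSL")
    if requested & 0x08 and not requested & 0x02:
        warnings.append("PROTOCOL_HYBRID_EX set without PROTOCOL_HYBRID")
    return {
        "flags": _names(flags, NEG_FLAGS),
        # requestedProtocols == 0 means only Standard RDP Security is offered.
        "protocols": _names(requested, PROTOCOLS) or ["PROTOCOL_RDP"],
        "warnings": warnings,
    }


# Constructed sample: restricted admin mode, PROTOCOL_SSL | PROTOCOL_HYBRID.
SAMPLE = bytes.fromhex("0101080003000000")

if __name__ == "__main__":
    print(parse_rdp_neg_req(SAMPLE))
```

A result whose protocols list is only PROTOCOL_RDP identifies a client that advertised no TLS or CredSSP support.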