Skip to content

3.1.90 (3.2 beta1)

Pre-release
Pre-release

Choose a tag to compare

View all tags
@dcommander dcommander released this 09 Feb 00:18
· 48 commits to main since this release
3.2beta1
6bfe2af

Assets

Packaging Changes

  • A 32-bit Windows installer is no longer provided, since Windows 10 no longer supports 32-bit CPUs, Windows 11 never did support 32-bit CPUs, and 32-bit Windows support was removed in OpenJDK 21.

Support

Code Quality: Beta
Current Support Category: EOL

Documentation

User’s Guide for TurboVNC 3.2 beta1

Release Notes

Significant changes relative to 3.1.4:

  1. The TurboVNC Server now incorporates zlib-ng, which accelerates zlib encoding significantly on x86, Arm, and PowerPC CPUs. Relative to TurboVNC 3.1.x, this improves the encoding performance of the Lossless Tight + Zlib encoding method, and of non-JPEG (low-color-depth) subrectangles encoded with one of the Tight + JPEG encoding methods, by approximately 10-15% on reasonably modern x86-64 CPUs and 25-30% on reasonably modern AArch64 CPUs.

  2. Since all supported TurboVNC host platforms now contain new enough libraries to build xorg-server 1.20.x, the TurboVNC Server is now dynamically linked against the system-supplied versions of these libraries rather than statically linked against in-tree versions. The TVNC_SYSTEMLIBS and TVNC_SYSTEMX11 CMake variables have been removed, and the build system now behaves as if those variables are always on. A new CMake variable (TVNC_ZLIBNG) can be used on x86 platforms to disable the in-tree SIMD-accelerated zlib-ng implementation and build against the system-supplied zlib implementation.

  3. The TurboVNC Server now supports the DRI3 X extension when using open source GPU drivers. This enables GPU acceleration in a TurboVNC session without VirtualGL, although the performance will be better with VirtualGL. Refer to the description of the -drinode option in the Xvnc man page for more details.

  4. The default X startup script (xstartup.turbovnc) now throws an error, rather than trying to execute xinitrc or twm, if a session desktop file for the default window manager cannot be found.

  5. Configuration of the TurboVNC Viewer has been improved in the following ways:

    • Advanced parameters (those that are rarely needed by end users) are now listed on a separate usage screen, which can be displayed by passing -?? to /opt/TurboVNC/bin/vncviewer or c:\Program Files\TurboVNC\vncviewer.bat.
    • TurboVNC-specific Java system properties can now be specified in ~/.vnc/default.turbovnc.
    • The turbovnc.ciphersuites Java system property has been deprecated and replaced with a new advanced parameter (CipherSuites.)
    • The TVNC_PROFILE environment variable has been deprecated and replaced with a new advanced parameter (Profile.)
    • The TVNC_SERVERARGS environment variable and the turbovnc.serverargs Java system property have been deprecated and replaced with a new advanced parameter (ServerArgs.)
    • The TVNC_SERVERDIR environment variable and the turbovnc.serverdir Java system property have been deprecated and replaced with a new advanced parameter (ServerDir.)
    • The VNC_VIA_CMD and VNC_TUNNEL_CMD environment variables and the turbovnc.via and turbovnc.tunnel Java system properties have been deprecated and replaced with a new advanced parameter (ExtSSHTemplate.)

  6. The TurboVNC Server no longer enables the "Tight Encoding Without Zlib" RFB extension unless the VNC viewer advertises support for it. This prevents a fatal error that occurred in TightVNC-compatible VNC viewers (other than the TurboVNC Viewer) when attempting to select Compression Level 0 without JPEG while connected to a TurboVNC session.

  7. The TurboVNC Viewer's built-in SSH client has been rebased on v0.2.23 of the JSch fork, which includes the following notable security, compatibility, and performance improvements:

    • Curve25519 key exchange (KEX) methods are now supported.

    • Diffie-Hellman Group 14 through 18 KEX methods are now supported.

    • The Ed25519 signature scheme is now supported.

    • Encrypt-then-MAC (EtM) Message Authentication Code (MAC) algorithms are now supported.

    • Galois/Counter Mode (GCM) ciphers are now supported.

    • The hmac-sha2-512 MAC algorithm (Hash-based Message Authentication Code with the SHA-512 hash algorithm) is now supported.

    • Version 3 of the PuTTY Private Key (PPK) format is now supported.

    • RFC 8308 extension negotiation and the server-sig-algs extension are now supported.

    • The OpenSSH strict key exchange extension is now supported (which addresses CVE-2023-48795.)

    • Insecure signature schemes, KEX methods, and ciphers are now disabled by default, including:

      • 3DES ciphers
      • CBC (Cipher Block Chaining) ciphers
      • Diffie-Hellman Group 1 KEX methods
      • The DSS (Digital Signature Standard) signature scheme
      • Signature schemes and KEX methods that use the SHA-1 hash algorithm

      The Ciphers, HostKeyAlgorithms, KexAlgorithms, and PubkeyAcceptedAlgorithms OpenSSH configuration keywords or the jsch.cipher, jsch.server_host_key, jsch.kex, and jsch.client_pubkey Java system properties can be used to re-enable insecure algorithms when connecting to legacy systems.

  8. The TurboVNC Viewer's SSHUser parameter has been removed. SSH usernames should now be specified by prefixing the VNC host or the gateway host with the username followed by @. This fixes an issue whereby separate SSH usernames could not be specified for the Server and Via parameters.

  9. For compatibility with OpenSSH, the TurboVNC Viewer now accepts -F, -i, and -p as command-line aliases for (respectively) the SSHConfig, SSHKeyFile, and SSHPort parameters.

  10. The TurboVNC Viewer's built-in SSH client now supports jump hosts, i.e. multi-hop/multi-level SSH tunneling. If the Jump parameter or the ProxyJump OpenSSH config file keyword is specified, the viewer now creates an intermediate SSH tunnel to the jump host and uses that tunnel to create the final SSH tunnel to the VNC host. This eliminates the need to open RFB ports in the VNC host's firewall, it ensures that the RFB connection is encrypted on the server-area network, and it allows the TurboVNC Session Manager to be used with TurboVNC hosts that are behind an SSH gateway. The OpenSSH config file can be used to specify more than two levels of SSH tunneling.

    Similarly, when using an external SSH client, the default SSH command-line template for TCP connections with the Jump parameter now takes advantage of OpenSSH's ProxyJump feature.

    For compatibility with OpenSSH, the TurboVNC Viewer accepts -J as a command-line alias for the Jump parameter.

    The Via parameter has been retained for backward compatibility, but since it is now essentially a less secure and usable variant of the Jump parameter, it has been moved to the advanced usage screen and is no longer exposed in the TurboVNC Viewer Options dialog.

  11. The TurboVNC Viewer now supports bump scrolling in full-screen mode, which addresses a feature regression relative to the native Windows TurboVNC Viewer in TurboVNC 2.2.x. A new parameter (BumpScroll) can be used to disable bump scrolling and use scrollbars instead.

  12. The Mac TurboVNC Viewer now hides the menu bar and dock in full-screen mode if bump scrolling is enabled. Setting the turbovnc.fshidedock system property to 0 or 1 causes the viewer to always show or always hide the menu bar and dock in full-screen mode, irrespective of bump scrolling.

  13. The TurboVNC Server and Viewer now implement the Extended Mouse Buttons RFB extension, which allows forward and back mouse button events to be transmitted to the VNC server.

  14. The TurboVNC Viewer toolbar icons have been updated with more modern icons derived from UltraVNC v1.2.4.

  15. The TurboVNC Viewer's CompatibleGUI parameter is now configurable using a new check box ("TurboVNC server") under the "Encoding" tab of the TurboVNC Viewer Options dialog. This facilitates using the standard 0-9 compression level scale with specific VNC hosts.

Assets 13
Loading