top | item 40798142

(no title)

any1 | 1 year ago

The initial handshake goes like this:

First TCP handshake:

  - Client SYN
  - Server SYN ACK
  - Client ACK

Then VNC handshake:

  - Server sends highest version that it supports
  - Client sends back the version that it wants to use
  - Server sends a list of authentication & encryption methods it supports
  - Client chooses from the list and sends its response

If no authentication is used:

  - Server sends a message to the client saying auth went ok
  - Client sends init message
  - Server replies with its own init message
  - Client sends pixel format and supported codecs and requests the first frame
  - Server sends frame

If the client chose authentication, more steps are added in between. E.g. if the client chose TLS this happens:

  - Server sends VEnCrypt version
  - Client sends VEnCrypt version
  - Server acks client's version and sends list of supported security subtypes
  - Client chooses a subtype and sends it
  - Server upgrades the connection to TLS which adds a couple of more round-trips (5 steps total for this item).

If, for example, each step takes 100 ms, you should have a total of 1.2 s without auth and 2.1 s with TLS.

discuss

amelius|1 year ago

Thank you for this reply!