encryption may still be enabled when sending the challenge response

Xpra-org · Aug 28, 2024 · b16a48f · b16a48f
1 parent 22189b3
commit b16a48f
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/xpra/client/base/client.py b/xpra/client/base/client.py
@@ -913,7 +913,9 @@ def validate_challenge_packet(self, packet) -> bool:
         digest = str(packet[3]).split(":", 1)[0]
         # don't send XORed password unencrypted:
         if digest in ("xor", "des"):
-            encrypted = p.is_sending_encrypted()
+            # verify that the connection is already encrypted,
+            # or that it will be configured for encryption in `send_challenge_reply`:
+            encrypted = p.is_sending_encrypted() or self.get_encryption()
             local = self.display_desc.get("local", False)
             authlog(f"{digest} challenge, encrypted={encrypted}, local={local}")
             if local and ALLOW_LOCALHOST_PASSWORDS: