2.2.1.2.1 RDP Negotiation Response (RDP_NEG_RSP)

The RDP Negotiation Response structure is used by a server to inform the client of the security protocol which it has selected to use for the connection.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

type

flags

length

selectedProtocol

type (1 byte): An 8-bit, unsigned integer that indicates the packet type. This field MUST be set to 0x02 (TYPE_RDP_NEG_RSP).

flags (1 byte): An 8-bit, unsigned integer that contains protocol flags.

Flag

Meaning

EXTENDED_CLIENT_DATA_SUPPORTED

0x01

The server supports Extended Client Data Blocks in the GCC Conference Create Request user data (section 2.2.1.3).

DYNVC_GFX_PROTOCOL_SUPPORTED

0x02

The server supports the Graphics Pipeline Extension Protocol described in [MS-RDPEGFX] sections 1, 2, and 3.

NEGRSP_FLAG_RESERVED

0x04

An unused flag that is reserved for future use.

RESTRICTED_ADMIN_MODE_SUPPORTED

0x08

Indicates that the server supports credential-less logon over CredSSP (also known as "restricted admin mode") and it is acceptable for the client to send empty credentials in the TSPasswordCreds structure defined in [MS-CSSP] section 2.2.1.2.1.<3>

REDIRECTED_AUTHENTICATION_MODE_SUPPORTED 0x10

Indicates that the server supports credential-less logon over CredSSP with credential redirection (also known as "Remote Credential Guard"). The client can send a redirected logon buffer in the TSRemoteGuardCreds structure defined in [MS-CSSP] section 2.2.1.2.3.

length (2 bytes): A 16-bit, unsigned integer that specifies the packet size. This field MUST be set to 0x0008 (8 bytes)

selectedProtocol (4 bytes): A 32-bit, unsigned integer that specifies the selected security protocol.

Value

Meaning

PROTOCOL_RDP

0x00000000

Standard RDP Security (section 5.3)

PROTOCOL_SSL

0x00000001

TLS 1.0, 1.1 or 1.2 (section 5.4.5.1)

PROTOCOL_HYBRID

0x00000002

CredSSP (section 5.4.5.2)

PROTOCOL_HYBRID_EX

0x00000008

Credential Security Support Provider protocol (CredSSP) (section 5.4.5.2) coupled with the Early User Authorization Result PDU (section 2.2.10.2).

Show: