Direct Approach

The Negotiation-Based Approach (specified in section aims to have the client and server agree on a security protocol to use for the connection. The fact that the X.224 messages are unencrypted helps to ensure backward compatibility with prior versions of RDP servers, as the packets can always be read. However, the fact that the X.224 PDUs are unencrypted is also a threat because an attacker can seek to compromise or take down the server by sending malformed X.224 PDUs. Hence the goal of the Direct Approach is to ensure that all RDP traffic is protected.

When using the Direct Approach, no negotiation of the security protocol takes place. The client and server are hard-coded to use the Credential Security Support Provider (CredSSP) Protocol (section 5.4.5) when a connection is initiated. Once the security protocol handshake has completed successfully, the RDP Connection Sequence begins, starting with (a) the X.224 messages which form the Connection Initiation phase (section; or (b) the Early User Authorization Result PDU (section followed by the X.224 messages. From this point all RDP traffic is encrypted using the CredSSP External Security Protocol.

The RDP Negotiation Request (section will still be appended to the X.224 Connection Request PDU (section and the requested protocol list will contain the identifier of the CredSSP protocol (section If this is not the case, the server will append an RDP Negotiation Failure (section to the X.224 Connection Confirm PDU (section with a failure code of INCONSISTENT_FLAGS (0x04). Similarly, the server will indicate that the hard-coded security protocol is the selected protocol in the RDP Negotiation Response (section which is appended to the X.224 Connection Confirm PDU.
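The exchange described in this paragraph, as an added example that is not part of the specification: a client builds an X.224 Connection Request carrying an RDP_NEG_REQ, and a Direct Approach server parses it and answers with either an RDP_NEG_RSP selecting CredSSP or an RDP_NEG_FAILURE of INCONSISTENT_FLAGS. The RDP_NEG_* type codes and the CredSSP identifier PROTOCOL_HYBRID are taken from the RDP Negotiation Request definition in [MS-RDPBCGR] (only referenced above); treating a missing or malformed RDP_NEG_REQ as the same failure is an assumption of this example.

```python
import struct
# RDP_NEG_* type codes and PROTOCOL_HYBRID (CredSSP) come from the RDP Negotiation Request
# definition in [MS-RDPBCGR]; INSISTENT_FLAGS-style failure code 0x04 is the one cited above.
TYPE_RDP_NEG_REQ, TYPE_RDP_NEG_RSP, TYPE_RDP_NEG_FAILURE = 0x01, 0x02, 0x03
PROTOCOL_HYBRID = 0x00000002
INCONSISTENT_FLAGS = 0x00000004
X224_CR, X224_CC = 0xE0, 0xD0  # X.224 Connection Request / Connection Confirm codes

def _tpkt_x224(code: int, payload: bytes) -> bytes:
    """Wrap an RDP negotiation structure in an X.224 TPDU and a TPKT header."""
    x224 = bytes([code, 0, 0, 0, 0, 0])  # code, dst-ref, src-ref, class 0
    body = bytes([len(x224) + len(payload)]) + x224 + payload  # LI counts what follows it
    return struct.pack(">BBH", 3, 0, 4 + len(body)) + body  # TPKT: version 3, total length

def build_x224_cr(requested_protocols: int, cookie: bytes = b"") -> bytes:
    """Client side: X.224 Connection Request, optional CR-LF-terminated cookie, RDP_NEG_REQ."""
    neg_req = struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, requested_protocols)
    return _tpkt_x224(X224_CR, cookie + neg_req)

def parse_neg_req(pdu: bytes):
    """requestedProtocols from a CR PDU, or None when no well-formed RDP_NEG_REQ is present."""
    if len(pdu) < 11 or pdu[0] != 3 or struct.unpack(">H", pdu[2:4])[0] != len(pdu):
        return None
    li = pdu[4]
    if pdu[5] != X224_CR or 5 + li > len(pdu):
        return None
    tail = pdu[11:5 + li]  # variable part after the fixed X.224 header
    if tail[:1] != bytes([TYPE_RDP_NEG_REQ]):  # skip optional CR-LF-terminated routingToken/cookie
        end = tail.find(b"\r\n")
        if end < 0:
            return None
        tail = tail[end + 2:]
    if len(tail) != 8:
        return None
    typ, _flags, length, protocols = struct.unpack("<BBHI", tail)
    return protocols if typ == TYPE_RDP_NEG_REQ and length == 8 else None

def direct_approach_confirm(cr_pdu: bytes) -> bytes:
    """Server side of the Direct Approach: CredSSP must be in the requested list.
    Assumption: a missing or malformed RDP_NEG_REQ is rejected the same way."""
    protocols = parse_neg_req(cr_pdu)
    if protocols is not None and protocols & PROTOCOL_HYBRID:
        neg = struct.pack("<BBHI", TYPE_RDP_NEG_RSP, 0, 8, PROTOCOL_HYBRID)
    else:
        neg = struct.pack("<BBHI", TYPE_RDP_NEG_FAILURE, 0, 8, INCONSISTENT_FLAGS)
    return _tpkt_x224(X224_CC, neg)

def confirm_outcome(cc_pdu: bytes):
    """(type, value) of the RDP_NEG_RSP or RDP_NEG_FAILURE appended to a CC PDU."""
    typ, _flags, _length, value = struct.unpack("<BBHI", cc_pdu[-8:])
    return typ, value
```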

Figure 13: Direct security-enhanced connection sequence

As specified in the Negotiation-Based Approach, the client and server also confirm the selected protocol and the requested protocols in the Client Core Data (section and Server Core Data (section, respectively.