added option to set rdp crypto level to none

libxrdp/xrdp_rdp.c

@@ -76,7 +76,11 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
         }
         else if (g_strcasecmp(item, "crypt_level") == 0)
         {
-            if (g_strcasecmp(value, "low") == 0)
+            if (g_strcasecmp(value, "none") == 0)
+            {
+                client_info->crypt_level = 0;
+            }
+            else if (g_strcasecmp(value, "low") == 0)
             {
                 client_info->crypt_level = 1;
             }

libxrdp/xrdp_sec.c

@@ -1779,9 +1779,22 @@ xrdp_sec_process_mcs_data_CS_SECURITY(struct xrdp_sec *self, struct stream* s)
             found = 1;
         }
     }
+    if ((found == 0) &&
+        (self->crypt_level == CRYPT_LEVEL_NONE))
+    {
+        if (crypt_method == CRYPT_METHOD_NONE)
+        {
+            g_writeln("  client and server support none crypt, using "
+                      "none crypt");
+            self->crypt_method = CRYPT_METHOD_NONE;
+            self->crypt_level = CRYPT_LEVEL_NONE;
+            found = 1;
+        }
+    }
     if (found == 0)
     {
-        g_writeln("  no security");
+        g_writeln("  can not find client / server agreed encryption method");
+        return 1;
     }
     return 0;
 }
@@ -2069,6 +2082,10 @@ xrdp_sec_init_rdp_security(struct xrdp_sec *self)
 {
     switch (self->rdp_layer->client_info.crypt_level)
     {
+        case 0: /* none */
+            self->crypt_method = CRYPT_METHOD_NONE;
+            self->crypt_level = CRYPT_LEVEL_NONE;
+            break;
         case 1: /* low */
             self->crypt_method = CRYPT_METHOD_40BIT;
             self->crypt_level = CRYPT_LEVEL_LOW;

xrdp/xrdp.ini

@@ -8,6 +8,8 @@ port=3389
 allow_channels=true
 max_bpp=32
 fork=yes
+# minimum security level allowed for client
+# can be 'none', 'low', 'medium', 'high', 'fips'
 crypt_level=high
 # security layer can be 'tls', 'rdp' or 'negotiate'
 # for client compatible layer