This would not prevent MITM attacks on its own, but could be used to prevent a client from connecting to a malicious server.
Only slight problem is that this requires the server to have access to the password value, which is not always available to the auth module... (ie: allow
and pam
do not)
So if this is added, this should not be the default.
implement server challenge support
The patch above is on top of r17173, it isn't too intrusive but seeing that we can't make it the default, I don't think we should apply it.
Could be useful for something like #1022
Better solution: #1771
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1660