This may help with #2799.
jsSHA is great and could be used for
hmac authentication, but it doesn't handle
So maybe we can just use the crypto API and drop IE11 support.
Examples here: webcrypto-examples.
Big problem with browser crypto is that this relies on asynchronous promises, which would require a huge rewrite of the protocol layer which is sequential by nature.
Maybe this fork has documentation)
attempting to switch over
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/2615