Security

Table Of Contents

Procedure

1 Create or edit the locked.properties le in the SSL gateway conguration folder on the View

Connection Server or security server computer.

For example: install_directory\VMware\VMware View\Server\sslgateway\conf\

2 Add secureProtocols.n and enabledCipherSuite.n entries, including the associated security protocols

and cipher suites.

3 Save the locked.properties le.

4 Restart the VMware Horizon View Connection Server service or VMware Horizon View Security Server

service to make your changes take eect.

Example: Default Acceptance Policies on an Individual Server

The following example shows the entries in the locked.properties le that are needed to specify the default

policies:

# The following list should be ordered with the latest protocol first:

secureProtocols.1=TLSv1.2

secureProtocols.2=TLSv1.1

secureProtocols.3=TLSv1

# This setting must be the latest protocol given in the list above:

preferredSecureProtocol=TLSv1.2

# The order of the following list is unimportant unless honorClientOrder is false:

enabledCipherSuite.1=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

enabledCipherSuite.2=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

enabledCipherSuite.3=TLS_RSA_WITH_AES_128_CBC_SHA256

enabledCipherSuite.4=TLS_RSA_WITH_AES_128_CBC_SHA

# Use the ordering of cipher suites given above:

honorClientOrder=false

Configure Proposal Policies on View Desktops

You can control the security of Message Bus connections to View Connection Server by conguring the

proposal policies on View desktops that run Windows.

Make sure that View Connection Server is congured to accept the same policies to avoid a connection

failure.

Procedure

1 Start the Windows Registry Editor on the View desktop.

2 Navigate to the HKEY_LOCAL_MACHINE\Software\VMware, Inc.\VMware VDM\Agent\Configuration registry

key.

3 Add a new String (REG_SZ) value, ClientSSLSecureProtocols.

View Security

26 VMware, Inc.