Security

Configuring Security Protocols and Cipher Suites for Blast Secure Gateway 5
The security seings for View Connection Server do not apply to Blast Secure Gateway (BSG). You must
congure security for BSG separately.
Configure Security Protocols and Cipher Suites for Blast Secure Gateway (BSG)
You can congure the security protocols and cipher suites that BSG's client-side listener accepts by editing
the le absg.properties.
The protocols that are allowed are, from low to high, tls1.0, tls1.1, and tls1.2. Older protocols such as SSLv3 and earlier are never allowed. Two properties, localHttpsProtocolLow and localHttpsProtocolHigh, determine the range of protocols that the BSG listener will accept. For example, setting localHttpsProtocolLow=tls1.0 and localHttpsProtocolHigh=tls1.2 will cause the listener to accept tls1.0, tls1.1, and tls1.2. The default settings are localHttpsProtocolLow=tls1.1 and localHttpsProtocolHigh=tls1.2. You can examine the BSG's absg.log file to discover the values that are in force for a specific BSG instance.
You must specify the list of ciphers using the format that is defined in https://www.openssl.org/docs/manmaster/man1/ciphers.html, under the section CIPHER LIST FORMAT.
The following cipher list is the default:
ECDHE-RSA-AES256-SHA:AES256-SHA:HIGH:!AESGCM:!CAMELLIA:!3DES:!EDH:!EXPORT:!MD5:!PSK:!RC4:!SRP:!aNULL:!eNULL
Procedure
1 On the Connection Server instance, edit the file install_directory\VMware\VMware View\Server\appblastgateway\absg.properties.
By default, the install directory is %ProgramFiles%.
2 Edit the properties localHttpsProtocolLow and localHttpsProtocolHigh to specify a range of protocols.
For example,
localHttpsProtocolLow=tls1.0
localHttpsProtocolHigh=tls1.2
To enable only one protocol, specify the same protocol for both localHttpsProtocolLow and
localHttpsProtocolHigh.
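
An added example (not VMware's code): a Python check that reads absg.properties text and reports which protocols the low/high range admits, listing any below a site minimum. The key=value parsing, the fallback to the page's defaults when a property is absent, the errors raised for unknown or reversed values, and the tls1.2 minimum are assumptions of this sketch, not documented BSG behavior.

```python
# Added example: audit the protocol range found in absg.properties text.
PROTOCOLS = ["tls1.0", "tls1.1", "tls1.2"]  # low to high, as listed on the page
DEFAULTS = {"localHttpsProtocolLow": "tls1.1",  # defaults stated on the page
            "localHttpsProtocolHigh": "tls1.2"}


def parse_properties(text):
    """Parse key=value lines (assumed format); skip blanks and #/! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def accepted_protocols(text):
    """Return the protocols the low/high range admits for this file content."""
    props = {**DEFAULTS, **parse_properties(text)}  # assumption: absent key = default
    names = ("localHttpsProtocolLow", "localHttpsProtocolHigh")
    for name in names:
        if props[name] not in PROTOCOLS:
            raise ValueError(f"{name}={props[name]!r} is not one of {PROTOCOLS}")
    lo, hi = (PROTOCOLS.index(props[n]) for n in names)
    if lo > hi:  # this script rejects a reversed range; BSG's own handling is not documented here
        raise ValueError("localHttpsProtocolLow is higher than localHttpsProtocolHigh")
    return PROTOCOLS[lo:hi + 1]


def below_minimum(text, minimum="tls1.2"):
    """List admitted protocols weaker than the site minimum (assumed policy)."""
    floor = PROTOCOLS.index(minimum)
    return [p for p in accepted_protocols(text) if PROTOCOLS.index(p) < floor]


# Constructed sample using the values from the page's step 2 example.
SAMPLE = """# constructed sample, not a real absg.properties
localHttpsProtocolLow=tls1.0
localHttpsProtocolHigh=tls1.2
"""

if __name__ == "__main__":
    print("accepted:", accepted_protocols(SAMPLE))
    print("below tls1.2:", below_minimum(SAMPLE))
```

Compare the result with the values that absg.log reports for the running instance, since the log is where the page says the values in force can be found.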
VMware, Inc.