Security

7 HTTP Protection Measures on Connection Servers and Security Servers
Horizon 7 employs certain measures to protect communication that uses the HTTP protocol.
This chapter includes the following topics:
- “Internet Engineering Task Force Standards”
- “World Wide Web Consortium Standards”
- “Other Protection Measures”
- “Configure HTTP Protection Measures”
Internet Engineering Task Force Standards
Connection Server and security server comply with certain Internet Engineering Task Force (IETF)
standards.
- RFC 5746 Transport Layer Security (TLS) – Renegotiation Indication Extension, also known as secure renegotiation, is enabled by default.
  NOTE Client-initiated renegotiation is disabled by default on Connection Servers and security servers. To enable, edit registry value [HKLM\SOFTWARE\VMware, Inc.\VMware VDM\plugins\wsnm\TunnelService\Params]JvmOptions and remove -Djdk.tls.rejectClientInitiatedRenegotiation=true from the string.
- RFC 6797 HTTP Strict Transport Security (HSTS), also known as transport security, is enabled by default. This setting cannot be disabled.
- RFC 7034 HTTP Header Field X-Frame-Options, also known as counter clickjacking, is enabled by default. You can disable it by adding the entry x-frame-options=OFF to the file locked.properties. For information on how to add properties to the file locked.properties, see “Configure HTTP Protection Measures.”
  NOTE In releases earlier than Horizon 7 version 7.2, changing this option did not affect connections to HTML Access.
- RFC 6454 Origin Checking, which protects against cross-site request forging, is enabled by default. You can disable it by adding the entry checkOrigin=false to locked.properties. For more information, see “Cross-Origin Resource Sharing.”
  NOTE In earlier releases, this protection was disabled by default.
VMware, Inc.