Security

Table Of Contents

Conﬁguring Security Protocols

and Cipher Suites for Blast

Secure Gateway 5

The security settings for View Connection Server do not apply to Blast Secure Gateway (BSG). You must

configure security for BSG separately.

Conﬁgure Security Protocols and Cipher Suites for Blast

Secure Gateway (BSG)

You can configure the security protocols and cipher suites that BSG's client-side listener accepts by

editing the file absg.properties.

The protocols that are allowed are, from low to high, tls1.0, tls1.1, and tls1.2. Older protocols such as

SSLv3 and earlier are never allowed. Two properties, localHttpsProtocolLow and

localHttpsProtocolHigh, determine the range of protocols that the BSG listener will accept. For

example, setting localHttpsProtocolLow=tls1.0 and localHttpsProtocolHigh=tls1.2 will cause

the listener to accept tls1.0, tls1.1, and tls1.2. The default settings are localHttpsProtocolLow=tls1.1

and localHttpsProtocolHigh=tls1.2. You can examine the BSG's absg.log file to discover the

values that are in force for a specific BSG instance.

You must specify the list of ciphers using the format that is defined in

https://www.openssl.org/docs/manmaster/man1/ciphers.html, under the section CIPHER LIST FORMAT.

The following cipher list is the default:

ECDHE-RSA-AES256-SHA:AES256-SHA:HIGH:!AESGCM:!CAMELLIA:!3DES:!EDH:!EXPORT:!MD5:!PSK:!RC4:!SRP:!aNULL:!

eNULL

Procedure

1 On the Connection Server instance, edit the file install_directory\VMware\VMware

View\Server\appblastgateway\absg.properties.

By default, the install directory is %ProgramFiles%.

VMware, Inc.