Security
Table Of Contents
- View Security
- Contents
- View Security
- Horizon 7 Accounts, Resources, and Log Files
- View Security Settings
- Ports and Services
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Configuring Security Protocols and Cipher Suites for Blast Secure Gateway
- Deploying USB Devices in a Secure Horizon 7 Environment
- HTTP Protection Measures on Connection Servers and Security Servers
HTTP Protection Measures on
Connection Servers and
Security Servers 7
Horizon 7 employs certain measures to protect communication that uses the HTTP protocol.
This section includes the following topics:
n
Internet Engineering Task Force Standards
n
World Wide Web Consortium Standards
n
Other Protection Measures
n
Configure HTTP Protection Measures
Internet Engineering Task Force Standards
Connection Server and security server comply with certain Internet Engineering Task Force (IETF)
standards.
n
RFC 5746 Transport Layer Security (TLS) – Renegotiation Indication Extension, also known as
secure renegotiation, is enabled by default.
Note Client-initiated renegotiation is disabled by default on Connection Servers and security
servers. To enable, edit registry value [HKLM\SOFTWARE\VMware, Inc.\VMware
VDM\plugins\wsnm\TunnelService\Params]JvmOptions and remove
-Djdk.tls.rejectClientInitiatedRenegotiation=true from the string.
n
RFC 6797 HTTP Strict Transport Security (HSTS), also known as transport security, is enabled by
default. This setting cannot be disabled.
n
RFC 7034 HTTP Header Field X-Frame-Options, also known as counter clickjacking, is enabled by
default. You can disable it by adding the entry x-frame-options=OFF to the file
locked.properties. For information on how to add properties to the file locked.properties, see
Configure HTTP Protection Measures.
Note In releases earlier than Horizon 7 version 7.2, changing this option did not affect connections
to HTML Access.
VMware, Inc.
33