Manualshelf

Security

ManualsBrandsVMware ManualsApplicationsHorizon 7.4
21222324252627282930
Table Of Contents
Default Global Policies for Security Protocols and Cipher
Suites
Global acceptance and proposal policies enable certain security protocols and cipher suites by default.
Table 41. Default Global Policies
Default Security Protocols Default Cipher Suites
n
TLS 1.2
n
TLS 1.1
n
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
n
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
n
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
n
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
n
TLS_RSA_WITH_AES_128_CBC_SHA
n
TLS_RSA_WITH_AES_256_CBC_SHA
GCM cipher suites are not enabled by default for performance reasons.
Configuring Global Acceptance and Proposal Policies
Global acceptance and proposal policies are defined in View LDAP attributes. These policies apply to all
View Connection Server instances and security servers in a replicated group. To change a global policy,
you can edit View LDAP on any View Connection Server instance.
Each policy is a single-valued attribute in the following View LDAP location:
cn=common,ou=global,ou=properties,dc=vdi,dc=vmware,dc=int
Global Acceptance and Proposal Policies Defined in View LDAP
You can edit the View LDAP attributes that define global acceptance and proposal policies.
Global Acceptance Policies
The following attribute lists security protocols. You must order the list by placing the latest protocol first:
pae-ServerSSLSecureProtocols = \LIST:TLSv1.2,TLSv1.1,TLSv1
The following attribute lists the cipher suites. This example shows an abbreviated list:
pae-ServerSSLCipherSuites = \LIST:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA
The following attribute controls the precedence of cipher suites. Normally, the server's ordering of cipher
suites is unimportant and the client's ordering is used. To use the server's ordering of cipher suites
instead, set the following attribute:
pae-ServerSSLHonorClientOrder = 0
View Security
VMware, Inc. 21