Security
Table Of Contents
- View Security
- Contents
- View Security
- Horizon 7 Accounts, Resources, and Log Files
- View Security Settings
- Ports and Services
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Configuring Security Protocols and Cipher Suites for Blast Secure Gateway
- Deploying USB Devices in a Secure Horizon 7 Environment
- HTTP Protection Measures on Connection Servers and Security Servers
To accept requests with any declared content type, specify acceptContentType=*.
Note In releases earlier than Horizon 7 version 7.2, changing this list does not affect connections to
Horizon Administrator.
Handshake Monitoring
TLS handshakes on port 443 must complete within a configurable period, otherwise they will be forcibly
terminated. By default, this period is 10 seconds. If smart card authentication is enabled, TLS
handshakes on port 443 can complete within 100 seconds.
If required, you can adjust the time for TLS handshakes on port 443 by adding the following property to
the locked.properties file:
handshakeLifetime = lifetime_in_seconds
For example:
handshakeLifetime = 20
Optionally, the client that is responsible for an over-running TLS handshake can be automatically added
to a blacklist. New connections from blacklisted clients are delayed for a configurable period before being
processed so that connections from other clients take priority. You can enable this feature by adding the
following property to the locked.properties file:
secureHandshakeDelay = delay_in_milliseconds
For example:
secureHandshakeDelay = 2000
To disable blacklisting of HTTPS connections, remove the secureHandshakeDelay entry or set it to 0.
The IP address of a misbehaving client is added to the blacklist for a minimum period equal to the sum of
handshakeLifetime and secureHandshakeDelay.
Using the values in the examples above, the IP address of a misbehaving client is 22 seconds
(20 * 1000) + 2000 = 22 seconds
The minimum period is extended each time a connection from the same IP address misbehaves. The IP
address is removed from the blacklist after the minimum period has expired and after the last delayed
connection from that IP address has been processed.
View Security
VMware, Inc. 38