7.0

7. HTTP Protection Measures on Connection Servers and Security Servers
View employs certain measures to protect communication that uses the HTTP protocol.
This chapter includes the following topics:
- “Internet Engineering Task Force Standards”
- “Other Protection Measures”
Internet Engineering Task Force Standards
View Connection Server and security server comply with certain Internet Engineering Task Force (IETF) Standards.
- RFC 5746 Transport Layer Security (TLS) – Renegotiation Indication Extension, also known as secure renegotiation, is enabled by default.
  NOTE Client-initiated renegotiation is disabled by default on Connection Servers and security servers. To enable, edit registry value [HKLM\SOFTWARE\VMware, Inc.\VMware VDM\plugins\wsnm\TunnelService\Params]JvmOptions and remove -Djdk.tls.rejectClientInitiatedRenegotiation=true from the string.
- RFC 6797 HTTP Strict Transport Security (HSTS), also known as transport security, is enabled by default.
- RFC 7034 HTTP Header Field X-Frame-Options, also known as counter clickjacking, is enabled by default. You can disable it by adding the entry x-frame-options=OFF to the file locked.properties. For information on how to add properties to the file locked.properties, see “Configure Acceptance Policies on Individual View Servers,” on page 25.
  Changing this option does not affect connections to HTML Access.
Origin Checking
RFC 6454 Origin Checking, which protects against cross-site request forgery (CSRF), is enabled by default.
NOTE In earlier releases, this protection was disabled by default.
You can disable this protection by adding the following entry to the file locked.properties:
checkOrigin=false
If multiple Connection Servers or security servers are load balanced, you must specify the load balancer
address by adding the following entry to the file locked.properties. Port 443 is assumed for this address.
balancedHost=load-balancer-name
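The following audit script is an added example, not VMware code. It reads the text of locked.properties and the JvmOptions registry string and reports where the default protections described in this chapter have been switched off. It assumes simple key=value lines, space-separated JVM options and case-insensitive values; the function names, the load_balanced parameter and the sample inputs are constructed for illustration.

```python
# Added example: audit the HTTP protection settings named in this chapter.
# Assumptions: locked.properties holds simple key=value lines ('#' or '!'
# starts a comment), values compare case-insensitively, and JvmOptions is a
# space-separated string. Sample inputs below are constructed.

RENEG_FLAG = "-Djdk.tls.rejectClientInitiatedRenegotiation=true"

def parse_properties(text):
    """Return a dict of key -> value; the last occurrence of a key wins."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(locked_properties, jvm_options, load_balanced=False):
    """Return a list of findings; an empty list means defaults are intact."""
    props = parse_properties(locked_properties)
    findings = []
    if props.get("x-frame-options", "").upper() == "OFF":
        findings.append("x-frame-options=OFF: RFC 7034 protection disabled")
    if props.get("checkOrigin", "true").lower() == "false":
        findings.append("checkOrigin=false: RFC 6454 origin checking disabled")
    elif load_balanced and not props.get("balancedHost"):
        # Origin checking is on, so the load balancer address must be declared.
        findings.append("balancedHost missing for a load-balanced server")
    if RENEG_FLAG not in jvm_options.split():
        findings.append("client-initiated TLS renegotiation is allowed")
    return findings

# Constructed sample: a server where two protections were turned off.
SAMPLE_LOCKED = """# constructed sample locked.properties
x-frame-options=OFF
checkOrigin=false
"""
SAMPLE_JVM = "-Xmx512m"  # constructed; the renegotiation flag was removed

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOCKED, SAMPLE_JVM, load_balanced=True):
        print("FINDING:", finding)
```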