6.0

Table Of Contents

Prerequisites

You need to have experience editing Windows registry keys using the Regedt32.exe registry editor.

Procedure

Start Registry Editor Regedt32.exe, and locate this registry

key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

2 Make modifications to the registry.

Windows Version Registry Changes

XP SP3

In subkey \Ciphers\DES 56/56 add a DWORD value Enabled with

a value of 0x0.

In subkey\Hashes\MD5 add a DWORD value Enabled with a value of

0x0.

Vista and Later

In subkey \Hashes create a subkey MD5.

In subkey \Hashes\MD5 add a DWORD value Enabled with a value

of 0x0.

For Windows XP SP3, the registry changes ensure that only the following ciphers are available:

SSLv3 168 bits DES-CBC3-SHA

SSLv3 128 bits RC4-SHA

TLSv1 168 bits DES-CBC3-SHA

TLSv1 128 bits RC4-SHA

For Windows Vista and later, the registry changes ensure that only the following ciphers are available:

SSLv3 168 bits DES-CBC3-SHA

SSLv3 128 bits RC4-SHA

TLSv1 256 bits AES256-SHA

TLSv1 128 bits AES128-SHA

TLSv1 168 bits DES-CBC3-SHA

TLSv1 128 bits RC4-SHA

NOTE When connecting to a Windows XP virtual desktop from Horizon Client, you may need to configure

the cipher list that is supported by the client to include a cipher from the supported list on Windows XP. For

example you may need to configure the client to additionally support TLSv1 128 bits RC4-SHA. By default,

Horizon Client no longer supports this cipher.

If the client is not configured to support any cipher that is supported by the virtual desktop operating

system, the TLS/SSL negotiation will fail and the client will be unable to connect.

For information on configuring supported cipher suites in Horizon Clients, refer to Horizon Client

documentation at https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.

View Agent Direct-Connection Plug-In Administration

12 VMware, Inc.