6.2

3 Changing the Default TLS Configuration in vRealize Operations for Horizon
The vRealize Operations for Horizon broker message server uses a TLS channel to communicate with the
broker agents. The vRealize Operations for Horizon desktop message server uses a TLS channel to
communicate with the desktop agents. You can change the default TLS configuration for servers and agents
by modifying TLS configuration properties.
This chapter includes the following topics:
- “Default TLS Protocols and Ciphers”
- “TLS Configuration Properties”
- “Change the Default TLS Configuration for Servers”
- “Change the Default TLS Configuration for Agents”
Default TLS Protocols and Ciphers
When an RMI connection is established between an agent and a server, the agent and server negotiate the
protocol and cipher to use.
Each agent and server has a list of protocols and ciphers that it supports. The strongest protocol and cipher
that is common to both the agent list and server list is selected for the TLS channel.
By default, RMI agents and servers are configured to accept only TLSv1.2 connections with the following
ciphers:
- TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
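The following Python audit is an added example, not VMware code: it checks observed TLS handshakes against the default protocol and cipher list above, accepting either the IANA names used here or the OpenSSL-style names that most scanners report. The function names, the sample observations, and the `probe` helper (which needs a host and port you supply) are assumptions of this example.

```python
import socket
import ssl

# Defaults documented on this page (IANA/JSSE cipher names).
DEFAULT_PROTOCOLS = {"TLSv1.2"}
DEFAULT_CIPHERS = {
    "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

def to_openssl_name(iana):
    """TLS_<KX>_<AUTH>_WITH_AES_<bits>_GCM_<hash> -> OpenSSL-style name."""
    kx_auth, _, rest = iana[len("TLS_"):].partition("_WITH_")
    return kx_auth.replace("_", "-") + "-" + rest.replace("AES_", "AES").replace("_", "-")

def audit(observed):
    """Return (protocol, cipher, reason) for each handshake outside the defaults."""
    allowed = DEFAULT_CIPHERS | {to_openssl_name(c) for c in DEFAULT_CIPHERS}
    findings = []
    for proto, cipher in observed:
        if proto not in DEFAULT_PROTOCOLS:
            findings.append((proto, cipher, "protocol not in default list"))
        elif cipher not in allowed:
            findings.append((proto, cipher, "cipher not in default list"))
    return findings

def probe(host, port, timeout=5.0):
    """Handshake with a TLS listener you administer; return (protocol, cipher)."""
    ctx = ssl.create_default_context()
    # Certificate checks are off because only the negotiated parameters are inspected.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]

# Constructed sample observations (not real scan output).
SAMPLE = [
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("TLSv1.2", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"),
    ("TLSv1", "AES128-SHA"),
    ("TLSv1.2", "ECDHE-RSA-AES256-SHA384"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

`probe` reports the result of a single handshake, so it shows what was negotiated with this client's offer rather than the full list the server accepts.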
VMware, Inc.