默认情况下,全球接受和建议策略启用某些安全协议和密码套件。

下表列出了默认情况下为 Horizon Client 启用的协议和密码套件。在适用于 Windows、Linux 和 Mac 的 Horizon Client 3.1 及更高版本中,这些密码套件和协议还用于加密 USB 通道(USB 服务守护程序与 View Agent 或 Horizon Agent 之间的通信)。对于 Horizon Client 4.0 之前的版本,在连接到远程桌面时,USB 服务守护程序会将 RC4 ( :RC4-SHA: +RC4 ) 添加到密码控制字符串的末尾。从 Horizon Client 4.0 开始,不再添加 RC4。

Horizon Client 4.2 及更高版本

表 1. Horizon Client 4.2 及更高版本上默认启用的安全协议和密码套件
默认安全协议 默认密码套件
TLS 1.2
  • TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (0xc032)
  • TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02e)
  • TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
  • TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
  • TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
  • TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xc02a)
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (0xc026)
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
  • TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
  • TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
  • TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
  • TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
  • TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
  • TLS 1.1
  • TLS 1.0
注:Horizon Client 4.10 开始,TLS v1.0 将被永久禁用,因此不再受支持。
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
  • TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
  • TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
  • TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

Horizon Client 4.10 开始,TLS v1.0 将被永久禁用,因此不再受支持。

Horizon Client 4.2 到 4.9 中,默认情况下启用 TLS v1.0,以确保 Horizon Client 默认可以连接到具有托管基础架构的 Horizon Cloud 服务器。默认的密码字符串为 !aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES。如果不需要 TLS v1.0 与服务器兼容,可以禁用 TLS v1.0。

Horizon Client 4.0.1 和 4.1

表 2. Horizon Client 4.0.1 和 4.1 上默认启用的安全协议和密码套件
默认安全协议 默认密码套件
TLS 1.2
  • TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (0xc032)
  • TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02e)
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xc02a)
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (0xc026)
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
  • TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
  • TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
  • TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
  • TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
  • TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
  • TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
  • TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
  • TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
  • TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
  • TLS 1.1
  • TLS 1.0
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
  • TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
  • TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
  • TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

默认情况下,将启用 TLS 1.0,以确保 Horizon Client 默认可连接到具有托管基础架构的 Horizon Cloud 服务器。默认密码字符串是 TLSv1:TLSv1.1:TLSv1.2:!aNULL:kECDH+AES:ECDH+AES:RSA+AES:@STRENGTH。如果不需要 TLS 1.0 与服务器兼容,则可以禁用 TLS 1.0。

Horizon Client 4.0

表 3. Horizon Client 4.0 上默认启用的安全协议和密码套件
默认安全协议 默认密码套件
TLS 1.2
  • TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (0xc032)
  • TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02e)
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xc02a)
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (0xc026)
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
  • TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
  • TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
  • TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
  • TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
  • TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
  • TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
  • TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
  • TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
  • TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
  • TLS 1.1
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
  • TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
  • TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
  • TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
重要事项: 将默认禁用 TLS 1.0。已移除 SSL 3.0。

Horizon Client 3.5

表 4. Horizon Client 3.5 上默认启用的安全协议和密码套件
默认安全协议 默认密码套件
TLS 1.2
  • TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (0xc032)
  • TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02e)
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xc02a)
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (0xc026)
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
  • TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
  • TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
  • TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
  • TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
  • TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
  • TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
  • TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
  • TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
  • TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
  • TLS 1.1
  • TLS 1.0
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
  • TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
  • TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
  • TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

Horizon Client 3.3 和 3.4

表 5. Horizon Client 3.3 和 3.4 上默认启用的安全协议和密码套件
默认安全协议 默认密码套件
  • TLS 1.1
  • TLS 1.0
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
  • TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
  • TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
  • TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
注: 还支持 TLS 1.2,但它在默认情况下未被启用。要启用 TLS 1.2,请按照 VMware 知识库文章 2121183 中的说明操作。在这之后,支持 Horizon Client 3.5 上默认启用的安全协议和密码套件 中列出的密码套件。

Horizon Client 3.0、3.1 和 3.2

表 6. Horizon Client 3.0、3.1 和 3.2 上默认启用的安全协议和密码套件
默认安全协议 默认密码套件
  • TLS 1.1
  • TLS 1.0
  • SSL 3.0(仅在 Windows 客户端上启用)
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
  • TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA (0xc022)
  • TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA (0xc021)
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
  • TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
  • TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA (0xc01f)
  • TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA (0xc01e)
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
  • TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
  • TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
注: 还支持 TLS 1.2,但它在默认情况下未被启用。要启用 TLS 1.2,请按照 VMware 知识库文章 2121183 中的说明操作。在这之后,支持 Horizon Client 3.5 上默认启用的安全协议和密码套件 中列出的密码套件。