To achieve greater security, you can configure the domain policy GPO (group policy object) to ensure that View Composer and Windows-based machines running View Agent or Horizon Agent do not use weak ciphers when they communicate using the SSL/TLS protocol.
Procedure
- On the Active Directory server, edit the GPO by selecting , right-clicking the GPO, and selecting Edit.
- In the Group Policy Management Editor, navigate to the .
- Double-click SSL Cipher Suite Order.
- In the SSL Cipher Suite Order window, click Enabled.
- In the Options pane, replace the entire content of the SSL Cipher Suites text box with the following cipher list:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
The cipher suites are listed above on separate lines for readability. When you paste the list into the text box, the cipher suites must be on one line with no spaces after the commas.
Note: You can amend this list of cipher suites to suit your own security policy.
- Exit the Group Policy Management Editor.
- Restart the View Composer and View Agent or Horizon Agent machines for the new group policy to take effect.