Connection Server and security server comply with certain Internet Engineering Task Force (IETF) standards.

  • RFC 5746 Transport Layer Security (TLS) – Renegotiation Indication Extension, also known as secure renegotiation, is enabled by default.
    Note: Client-initiated renegotiation is disabled by default on Connection Servers and security servers. To enable, edit registry value [HKLM\SOFTWARE\VMware, Inc.\VMware VDM\plugins\wsnm\TunnelService\Params]JvmOptions and remove -Djdk.tls.rejectClientInitiatedRenegotiation=true from the string.
  • RFC 6797 HTTP Strict Transport Security (HSTS), also known as transport security, is enabled by default. This setting cannot be disabled but optional properties can be added by editing locked.properties. For more information, see HTTP Strict Transport Security.
  • RFC 7034 HTTP Header Field X-Frame-Options, also known as counter clickjacking, is enabled by default. You can disable it by adding the entry x-frame-options=OFF to the file locked.properties. For information on how to add properties to the file locked.properties, see Configure HTTP Protection Measures.
    Note: In releases earlier than Horizon 7 version 7.2, changing this option did not affect connections to HTML Access.
  • RFC 6454 Origin Checking, which protects against cross-site request forging, is enabled by default. You can disable it by adding the entry checkOrigin=false to locked.properties. For more information, see Cross-Origin Resource Sharing.
    Note: In earlier releases, this protection was disabled by default.