Connection Server and security server comply with certain Internet Engineering Task Force (IETF) standards.

  • RFC 5746 Transport Layer Security (TLS) – Renegotiation Indication Extension, also known as secure renegotiation, is enabled by default.

    Note:

    Client-initiated renegotiation is disabled by default on Connection Servers and security servers. To enable, edit registry value [HKLM\SOFTWARE\VMware, Inc.\VMware VDM\plugins\wsnm\TunnelService\Params]JvmOptions and remove -Djdk.tls.rejectClientInitiatedRenegotiation=true from the string.

  • RFC 6797 HTTP Strict Transport Security (HSTS), also known as transport security, is enabled by default. This setting cannot be disabled.

  • RFC 7034 HTTP Header Field X-Frame-Options, also known as counter clickjacking, is enabled by default. You can disable it by adding the entry x-frame-options=OFF to the file locked.properties. For information on how to add properties to the file locked.properties, see Configure HTTP Protection Measures.

    Note:

    In releases earlier than Horizon 7 version 7.2, changing this option did not affect connections to HTML Access.

  • RFC 6454 Origin Checking, which protects against cross-site request forging, is enabled by default. You can disable it by adding the entry checkOrigin=false to locked.properties. For more information, see Cross-Origin Resource Sharing.

    Note:

    In earlier releases, this protection was disabled by default.