The JMP Server installation includes default server-side and client-side cipher suites that are accepted and proposed between your JMP Server, Horizon Connection Server, App Volumes, and User Environment Manager instances. You can optionally change these default cipher suites that JMP Server supports with cipher suites that your organization supports.

Which cipher suite is used depends on whether JMP Server is acting as a server receiving the secure connection request or when it is acting as a client that is initiating the secure connection request to Horizon Connection Server, App Volumes, or User Environment Manager.

You must specify the list of cipher suites using the format that is defined in https://www.openssl.org/docs/man1.0.2/apps/ciphers.html#CIPHER-LIST-FORMAT. The following list of cipher suites is the default used for the server-side.

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4

In addition to the preceding cipher string, the actual cipher suites used are also determined by the accepted protocols TLSv1.1 and TLSv1.2, which are defined in the nginx.conf file.

Procedure

  1. In the JMP Server host, stop the three JMP Server services using the Windows Services Manager tool.
    1. Right-click the Windows Start icon and select Run.
    2. In the Run dialog box, type services.msc in the Open text box, and click OK.
    3. In the Services (Local) pane of the Services window, locate the following three JMP Server services and for each service, click Stop.
      • VMware JMP API Service

      • VMware JMP File Share Service

      • VMware JMP Platform Services

  2. Modify the configuration file that contains the cipher suite.

    To modify the server-side cipher suite:

    1. Navigate to the C:\Program Files (x86)\VMware\JMP\com\XMS\nginx\conf folder.

    2. Create a backup copy of the nginx.conf file before modifying it.

    3. Open the nginx.conf file with Notepad.

    4. Locate the line that begins with ssl_ciphers and modify the cipher suite as necessary.

    5. Save the changes you made to the nginx.conf file.

    To modify the client-side cipher suite:

    1. Navigate to the C:\Program Files (x86)\VMware\JMP\com\xmp\conf folder.

    2. Open the jmp.js file with Notepad.

    3. Create a backup copy of the jmp.js file before modifying it.

    4. Locate the line that contains the following code snippet.

      ciphers:'!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES'

    5. Modify the cipher suite after the ciphers: section in the code snippet. For example:

      ciphers:'your_organization_cipher_suite'

    6. Save the changes you made to the jmp.js file.

  3. Use the Windows Services Manager tool to restart the three JMP Server services for the new list of cipher suites to take effect.