Connection Server and security server comply with certain Internet Engineering Task Force (IETF) standards.
- RFC 5746 Transport Layer Security (TLS) – Renegotiation Indication Extension, also known as secure renegotiation, is enabled by default.
Note: Client-initiated renegotiation is disabled by default on Connection Servers and security servers. To enable it, edit the registry value [HKLM\SOFTWARE\VMware, Inc.\VMware VDM\plugins\wsnm\TunnelService\Params]JvmOptions and remove -Djdk.tls.rejectClientInitiatedRenegotiation=true from the string.
- RFC 6797 HTTP Strict Transport Security (HSTS), also known as transport security, is enabled by default. This setting cannot be disabled.
- RFC 7034 HTTP Header Field X-Frame-Options, also known as counter clickjacking, is enabled by default. You can disable it by adding the entry x-frame-options=OFF to the file locked.properties. For information on how to add properties to the file locked.properties, see Configure HTTP Protection Measures.
Note: In releases earlier than Horizon 7 version 7.2, changing this option did not affect connections to HTML Access.
- RFC 6454 Origin Checking, which protects against cross-site request forgery, is enabled by default. You can disable it by adding the entry checkOrigin=false to locked.properties. For more information, see Cross-Origin Resource Sharing.
Note: In earlier releases, this protection was disabled by default.
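
The following audit sketch is an added example, not VMware code. It takes the text of locked.properties and the JvmOptions string and reports every protection listed above that has been switched away from its default. The function names and sample inputs are constructed, and matching the property values case-insensitively is an assumption made so that unusual casing is still flagged.

```python
# Added example: flag Horizon settings that weaken the defaults described above.
# On a real host the inputs would be the contents of locked.properties and the
# JvmOptions registry value; the samples below are constructed for illustration.

RENEG_FLAG = "-Djdk.tls.rejectClientInitiatedRenegotiation=true"

# Constructed sample inputs (not taken from a real server).
SAMPLE_LOCKED = "# constructed sample\nx-frame-options=OFF\ncheckOrigin=false\n"
SAMPLE_JVM_OPTIONS = "-Xmx512m " + RENEG_FLAG


def parse_properties(text):
    """Parse simple key=value lines, skipping blank lines and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(locked_properties_text, jvm_options):
    """Return one finding per protection that is no longer at its default."""
    findings = []
    props = parse_properties(locked_properties_text)
    # Assumption: values are compared case-insensitively to catch odd casing.
    if props.get("x-frame-options", "").upper() == "OFF":
        findings.append("RFC 7034 X-Frame-Options disabled (x-frame-options=OFF)")
    if props.get("checkOrigin", "").lower() == "false":
        findings.append("RFC 6454 origin checking disabled (checkOrigin=false)")
    # The default JvmOptions string carries the reject flag; its absence means
    # client-initiated renegotiation has been enabled.
    if RENEG_FLAG not in jvm_options:
        findings.append("client-initiated TLS renegotiation enabled (reject flag missing)")
    # RFC 6797 HSTS has no check here because it cannot be disabled.
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOCKED, SAMPLE_JVM_OPTIONS):
        print("WEAKENED:", finding)
```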