You can select the security protocols that Horizon Client can use. You can also specify the cipher control string.

  • In Horizon Client 3.0 through 3.4, TLSv1.0 and TLSv1.1 are enabled by default. The default cipher control string is "AES:!aNULL:@STRENGTH".
  • In Horizon Client 3.5, TLSv1.0, TLSv1.1, and TLSv1.2 are enabled by default. The default cipher control string is "!aNULL:kECDH+AES:ECDH+AES:RSA+AES:@STRENGTH".
  • In Horizon Client 4.0 and later, TLSv1.0 is disabled by default, TLSv1.1 and TLSv1.2 are enabled by default, and SSLv3 is removed. The default cipher control string is "!aNULL:kECDH+AES:ECDH+AES:RSA+AES:@STRENGTH".


Verify the security protocol that the Connection Server instance can use. If you configure a security protocol for Horizon Client that is not enabled on the Connection Server instance to which the client connects, an SSL error occurs and the connection fails. For information about configuring the security protocols that are accepted by Connection Server instances, see the View Security document.

You should change the security protocols in Horizon Client only if your View administrator instructs you to do so, or if your Connection Server instance does not support the current settings.


  1. Tap the Settings (gear) icon in the upper-right corner of the Horizon Client screen and tap General settings.
  2. Tap Advanced SSL Options.
  3. Make sure that Use Default Settings is unchecked.
  4. To enable or disable a security protocol, tap the check box next to the security protocol name.
  5. To change the cipher control string, replace the default string.
  6. (Optional) If you need to revert to the default settings, tap to select the Use Default Settings option.
  7. Tap OK to save your changes.


Your changes take effect the next time you connect to the server.