You can select the security protocols and cryptographic algorithms that are used to encrypt communications between Horizon Client and Horizon servers and between Horizon Client and the agent in the remote desktop.

By default, TLSv1.0, TLSv1.1, and TLSv1.2 are enabled. SSL v2.0 and 3.0 are not supported. The default cipher control string is "!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES".

If you configure a security protocol for Horizon Client that is not enabled on the Horizon server to which the client connects, a TLS/SSL error occurs and the connection fails.

For information about configuring the security protocols that are accepted by Connection Server instances, see the View Security document.


  1. Open Settings and tap Security options.
    If you are connected to a remote desktop or application in full-screen mode, tap the Horizon Client Tools radial menu icon and tap the gear icon to access Settings. If you are not using full-screen mode, Settings is in the menu in the upper right corner of the Horizon Client toolbar. If you are not connected to a remote desktop or application, tap the gear icon in the upper right corner of the Horizon Client window.
  2. Tap Advanced SSL Options.
  3. Make sure that Use Default Settings is unchecked.
  4. To enable or disable a security protocol, tap the check box next to the security protocol name.
  5. To change the cipher control string, replace the default string.
  6. (Optional) If you need to revert to the default settings, tap to select the Use Default Settings option.
  7. Tap OK to save your changes.


Your changes take effect the next time you connect to the server.