You can select the security protocols and cryptographic algorithms that are used to encrypt communications between Horizon Client and Horizon servers or between Horizon Client and the agent in the remote desktop.

These options are also used to encrypt the USB channel (communication between the USB service daemon and the agent).

With the default setting, cipher suites use 128- or 256-bit AES, remove anonymous DH algorithms, and then sort the current cipher list in order of encryption algorithm key length.

  • In Horizon Client 4.0 and later, by default, TLS v1.1 and TLS v1.2 are enabled. (TLS v1.0 is disabled. SSL v2.0 and v3.0 are removed.)

  • In Horizon Client 3.5, by default, TLS v1.0, TLS v1.1, and TLS v1.2 are enabled. (SSL v2.0 and v3.0 are disabled.)

  • In Horizon Client 3.3 and 3.4, by default, TLS v1.0 and TLS v1.1 are enabled. (SSL v2.0 and v3.0, and TLS v1.2 are disabled.)

  • In Horizon Client 3.2 and earlier, by default, SSL v3.0 is also enabled. (SSL v2.0 and TLS v1.2 are disabled.)

Note:

In Horizon Client 3.1 to 3.5, the USB service daemon adds RC4 (:RC4-SHA: +RC4) to the end of the cipher control string when it connects to a remote desktop. Starting with Horizon Client 4.0, the USB service daemon no longer adds RC4 to the end of the cipher control string.

Note:

If TLS v1.0 and RC4 are disabled, USB redirection does not work when users are connected to Windows XP desktops. Be aware of the security risk if you choose to make this feature work by enabling TLS v1.0 and RC4.

You should change the security protocols in Horizon Client only if your View server does not support the current settings. If you configure a security protocol for Horizon Client that is not enabled on the View server to which the client connects, a TLS/SSL error occurs and the connection fails.

Important:

If the only protocol you enable on the client is TLS v1.1, you must verify that TLS v1.1 is also enabled on the remote desktop. Otherwise, USB devices cannot be redirected to the remote desktop.

On the client system, you can use either configuration file properties or command-line options for these settings:

  • To use configuration file properties, use the view.sslProtocolString and view.sslCipherString properties.

  • To use command-line configuration options, use the --sslProtocolString and --sslCipherString options.

For more information, see Using the Horizon Client Command-Line Interface and Configuration Files and look up the property and option names in the table in Horizon Client Configuration Settings and Command-Line Options.