You can set a configuration property so that the client uses only FIPS (Federal Information Processing Standard) 140-2 approved cryptographic algorithms and protocols to establish a remote PCoIP connection. This mode is not supported on Horizon Client 3.4 or 3.5.

Note:

View PCoIP FIPS mode does not support AES-256 encryption algorithms.

This setting applies to both server and client. You can configure either endpoint or both endpoints to operate in FIPS mode. Configuring a single endpoint to operate in FIPS mode limits the encryption algorithms that are available for session negotiation.

Important:

If you enable FIPS mode on one endpoint but the other endpoint does not support cryptographic algorithms that are approved by FIPS 140-2, the connection will fail.

When this setting is disabled or not configured, FIPS mode is not used.

To enable or disable FIPS mode, you can set the pcoip.enable_fips_mode property. Setting the property to 1 turns on FIPS mode, and setting the property to 0 turns off FIPS mode. For example, the following setting turns on FIPS mode:

 pcoip.enable_fips_mode = 1

Use a space before and after the equals (=) sign.

You can set this property in any of several files. When Horizon Client starts up, the setting is processed from various locations in the following order:

  1. /etc/teradici/pcoip_admin_defaults.conf

  2. ~/.pcoip.rc

  3. /etc/teradici/pcoip_admin.conf

If a setting is defined in multiple locations, the value that is used is the value from the last file read.