You can select the security protocols and cryptographic algorithms that VMware Horizon 8 uses to encrypt communications between Horizon Client and servers, and between Horizon Client and Horizon Agent.

Horizon also uses the security options to encrypt the USB channel (communication between the USB plugin and Horizon Agent).

By default, TLS v1.1 and TLS v1.2 are activated. SSL v2.0, SSL v3.0, and TLS v1.0 are not supported. The default cipher control string is "!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES".

If you configure a security protocol for Horizon Client that is not activated on the server to which the client system connects, a TLS error occurs and the connection fails.

Important: At least one of the protocol versions that you activate in Horizon Client must also be activated in the remote desktop for USB devices to be redirected to the remote desktop.

For information about configuring the security protocols that Connection Server can accept, see the Horizon Security document.


  1. Select VMware Horizon Client > Preferences from the menu bar, click Security, and click Advanced.
  2. To activate or deactivate a security protocol, select the check box next to the security protocol name.
  3. To change the cipher control string, replace the default string.
  4. (Optional) To revert to the default settings, click Restore Defaults.
  5. To save your changes, click Confirm.


Your changes take effect the next time you connect to the server.
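Before replacing the default string in step 3, it helps to see which cipher suites a candidate string actually selects. The following Python sketch is an added example, not VMware code. It assumes the cipher control string uses OpenSSL cipher-list syntax and expands it with the local OpenSSL build, which may differ from the library bundled with Horizon Client; `expand`, `flag_weak` and `WEAK_MARKERS` are illustrative names.

```python
import ssl

# Default cipher control string quoted on this page.
HORIZON_DEFAULT = ("!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:"
                   "kECDH+AES:ECDH+AES:RSA+AES")

# Illustrative deny-list (an assumption, not a VMware list): substrings of
# OpenSSL suite names that indicate no authentication, no encryption, or a
# broken cipher or MAC.
WEAK_MARKERS = ("NULL", "ADH", "AECDH", "EXP", "RC4", "DES-CBC", "3DES", "MD5")


def expand(cipher_string):
    """Return the suite names the string selects, in preference order.

    Returns [] when the local OpenSSL finds no match, meaning no suite
    would be offered for TLS 1.2 or earlier.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []
    # TLS 1.3 suites ("TLS_...") are not governed by this string; skip them.
    return [c["name"] for c in ctx.get_ciphers()
            if not c["name"].startswith("TLS_")]


def flag_weak(suite_names):
    """Return the suites whose names contain a deny-listed marker."""
    return [n for n in suite_names if any(m in n for m in WEAK_MARKERS)]


if __name__ == "__main__":
    suites = expand(HORIZON_DEFAULT)
    print(f"{len(suites)} suites selected by the default string:")
    for name in suites:
        print("  ", name)
    print("weak suites:", flag_weak(suites) or "none")
```

An empty result from `expand` for a candidate string is the case to catch before saving it in the client, since the server then has nothing to agree on.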