You can select the security protocols and cryptographic algorithms that are used to encrypt communications between Horizon Client and Horizon servers and between Horizon Client and the agent in the remote desktop.

About this task

By default, TLSv1.0, TLSv1.1, and TLSv1.2 are enabled. SSL v2.0 and 3.0 are not supported. The default cipher control string is "!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES".

If you configure a security protocol for Horizon Client that is not enabled on the Horizon server to which the client connects, a TLS/SSL error occurs and the connection fails.


  1. Tap the Option menu in the upper-left corner of the Horizon Client menu bar and expand the SSL Options section.
  2. To enable or disable a security protocol, tap the On or Off toggle under the security protocol name.

    You can enable and disable the TLSv1.0, TLSv1.1, and TLSv1.2 protocols. All three protocols are enabled by default.


    TLSv1.0 and TLSv1.2 require TLSv1.1 to be enabled. You cannot disable TLSv1.1 if TLSv1.0 and TLSv1.2 are enabled.

  3. To change the cipher control string, replace the default string and tap Change.
  4. (Optional) If you need to revert to the default cipher control string, tap Default.


Your changes take effect the next time you connect to the server.