You can select the security protocols and cryptographic algorithms that Horizon uses to encrypt communications between Horizon Client and servers, and between Horizon Client and Horizon Agent.

By default, TLS v1.1 and TLS v1.2 are enabled. SSL v2.0, SSL v3.0, and TLS v1.0 are not supported. The default cipher control string is "!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES".

If you configure a security protocol for Horizon Client that is not enabled on the server to which the client system connects, a TLS error occurs and the connection fails.

For information about configuring the security protocols that Connection Server can accept, see the Horizon 7 Security document.


  1. Tap the Option menu in the upper-left corner of the Horizon Client menu bar and expand the SSL Options section.
  2. To enable or disable a security protocol, tap the On or Off toggle under the security protocol name.
    You can enable and disable the TLS v1.1 and TLS v1.2 protocols. Both protocols are enabled by default.
  3. To change the cipher control string, replace the default string and tap Change.
  4. (Optional) To revert to the default cipher control string, tap Default.


Your changes take effect the next time you connect to the server.