You can select the security protocols and cryptographic algorithms that are used to encrypt communications between Horizon Client and servers, and between Horizon Client and the agent in a remote desktop.

These security options are also used to encrypt the USB channel. With the default setting, cipher suites use 128-bit or 256-bit AES, remove anonymous DH algorithms, and then sort the current cipher list in order of encryption algorithm key length. By default, TLS v1.2 is enabled in FIPS mode and both TLS v1.1 and TLS v1.2 are enabled in non-FIPS mode. SSL v2.0, SSL v3.0, and TLS v1.0 are not supported.

If you configure a security protocol for Horizon Client that is not enabled on the server to which the client connects, a TLS error occurs and the connection fails.

Important: At least one of the protocols that you enable in Horizon Client must also be enabled on the remote desktop or USB devices cannot be redirected to the remote desktop.

On the client system, you can use either a group policy setting or a Windows Registry setting to change the default ciphers and protocols. For information about using a group policy setting, see the Configures SSL protocols and cryptographic algorithms setting in Using Group Policy Settings to Configure Horizon Windows Client. For information about using the SSLCipherList setting in the Windows Registry, see Using the Windows Registry to Configure Horizon Windows Client.