Global Acceptance and Proposal Policies Defined in Horizon LDAP

You can edit the Horizon LDAP attributes that define global acceptance and proposal policies.

Global Acceptance Policies

The following attribute lists security protocols. You must order the list by placing the latest protocol first:

pae-ServerSSLSecureProtocols = \LIST:TLSv1.2,TLSv1.1,TLSv1

The following attribute lists the cipher suites. This example shows an abbreviated list:

pae-ServerSSLCipherSuites = \LIST:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA

The following attribute controls the precedence of cipher suites. Normally, the server's ordering of cipher suites is unimportant and the client's ordering is used. To use the server's ordering of cipher suites instead, set the following attribute:

pae-ServerSSLHonorClientOrder = 0

Global Proposal Policies

The following attribute lists security protocols. You must order the list by placing the latest protocol first:

pae-ClientSSLSecureProtocols = \LIST:TLSv1.2,TLSv1.1,TLSv1

The following attribute lists the cipher suites. This list should be in order of preference. Place the most preferred cipher suite first, the second-most preferred suite next, and so on. This example shows an abbreviated list:

pae-ClientSSLCipherSuites = \LIST:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA