You can configure the cipher suites and security protocols that the HTML Access Agent uses. You can also specify the configurations in a group policy object (GPO).
By default, the HTML Access Agent uses only TLS 1.0, TLS 1.1, and TLS 1.2. Older protocols such as SSLv3 and earlier are never allowed. Two registry values, SslProtocolLow and SslProtocolHigh, determine the range of protocols that the HTML Access Agent accepts. For example, setting SslProtocolLow=tls_1.1 and SslProtocolHigh=tls_1.2 causes the HTML Access Agent to accept TLS 1.1 and TLS 1.2. The default settings are SslProtocolLow=tls_1.2 and SslProtocolHigh=tls_1.2, and therefore by default the HTML Access Agent accepts only TLS 1.2.
You must use the proper cipher list format when specifying the list of ciphers. To see the cipher list format, search for "openssl cipher string" in a web browser. The following cipher list is the default:
ECDHE+AESGCM
Procedure
Results
To revert to using the default cipher list, delete the SslCiphers registry value and restart the Windows service VMware Blast. Do not delete the data part of the value. If you delete the data part of the value, the HTML Access Agent treats all ciphers as unacceptable in accordance with the OpenSSL cipher list format definition.
When the HTML Access Agent starts, it writes the protocol and cipher information to its log file. You can examine the log file to determine the values that are in force.
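The difference between deleting the SslCiphers value and leaving it with empty data can be checked against any OpenSSL build before a change is rolled out. The following Python sketch is an added example, not VMware code: it uses the OpenSSL library linked into Python, which may differ from the agent's build, and the function names and the None/"" modelling of the registry value are assumptions made for illustration.

```python
import ssl

DEFAULT_CIPHERS = "ECDHE+AESGCM"  # default cipher list stated on this page


def effective_ciphers(ssl_ciphers):
    """Return the suite names an OpenSSL cipher list selects (TLS 1.2 and earlier).

    ssl_ciphers models the SslCiphers registry value (an assumption of this example):
      None -> the value was deleted, so the default list applies
      ""   -> the value exists but its data is empty, which selects nothing
    """
    cipher_string = DEFAULT_CIPHERS if ssl_ciphers is None else ssl_ciphers
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # OpenSSL reports that no cipher could be selected from this string.
        return []
    # TLS 1.3 suites are configured separately from the cipher list, so skip them.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def extra_suites(ssl_ciphers):
    """Return suites a custom cipher list enables beyond the default list."""
    baseline = set(effective_ciphers(None))
    return [n for n in effective_ciphers(ssl_ciphers) if n not in baseline]


if __name__ == "__main__":
    # Constructed sample values for the SslCiphers data.
    samples = [None, "", "ECDHE+AESGCM:AES128-GCM-SHA256"]
    for value in samples:
        suites = effective_ciphers(value)
        label = "<value deleted>" if value is None else repr(value)
        print(f"SslCiphers={label}: {len(suites)} suite(s)")
        for name in suites:
            marker = "  (not in default list)" if name in extra_suites(value) else ""
            print(f"    {name}{marker}")
        if not suites:
            print("    no acceptable ciphers: every handshake would fail")
```

Compare the output for a planned SslCiphers string with the protocol and cipher information the agent writes to its log file after the restart.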