To control the security of Message Bus connections to Connection Server, you can configure the proposal policies on remote desktops that run Windows.
Prerequisites
To avoid a connection failure, configure Connection Server to accept the same policies.
Procedure
- On the remote desktop, start the Windows Registry Editor.
- Navigate to the HKEY_LOCAL_MACHINE\Software\VMware, Inc.\VMware VDM\Agent\Configuration registry key.
- Add a new String (REG_SZ) value, ClientSSLSecureProtocols.
- Set the value to a list of cipher suites in the format \LIST:protocol_1,protocol_2,....
List the protocols with the latest protocol first. For example:
\LIST:TLSv1.2,TLSv1.1
- Add a new String (REG_SZ) value, ClientSSLCipherSuites.
- Set the value to a list of cipher suites in the format \LIST:cipher_suite_1,cipher_suite_2,....
The list must be in order of preference, with the most preferred cipher suite first. For example:
\LIST:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA