You can edit the Horizon LDAP attributes that define global acceptance and proposal policies. Security-related settings are provided in Horizon LDAP under the object path cn=common,ou=global,ou=properties,dc=vdi,dc=vmware,dc=int.

Global Acceptance Policies

Attribute Description
pae-ServerSSLSecureProtocols Lists security protocols. You must order the list by placing the latest protocol first. For example:
pae-ServerSSLSecureProtocols = \LIST:TLSv1.2,TLSv1.1,TLSv1
pae-ServerSSLCipherSuites Lists cipher suites. This example shows an abbreviated list:
pae-ServerSSLCipherSuites = \LIST:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA
pae-ServerSSLHonorClientOrder Controls the precedence of cipher suites. Normally, the server's ordering of cipher suites is unimportant and the client's ordering is used. To use the server's ordering of cipher suites instead, set the following attribute:
pae-ServerSSLHonorClientOrder = 0
pae-SSLServerSignatureSchemes Lists certificate signature schemes. This example shows an abbreviated list:
pae-SSLServerSignatureSchemes = \LIST:rsa_pss_rsae_sha256,rsa_pkcs1_sha512,rsa_pkcs1_sha1

Global Proposal Policies

Attribute Description
pae-ClientSSLSecureProtocols Lists security protocols. You must order the list by placing the latest protocol first:
pae-ClientSSLSecureProtocols = \LIST:TLSv1.2,TLSv1.1,TLSv1
pae-ClientSSLCipherSuites Lists cipher suites. This list should be in order of preference. Place the most preferred cipher suite first, the second-most preferred suite next, and so on. This example shows an abbreviated list:
pae-ClientSSLCipherSuites = \LIST:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA
pae-SSLClientSignatureSchemes Lists certificate signature schemes. This example shows an abbreviated list:
pae-SSLClientSignatureSchemes = \LIST:rsa_pss_rsae_sha256,rsa_pkcs1_sha512,rsa_pkcs1_sha1

Global Common Policies

Attribute Description
pae-SSLNamedGroups Lists named groups (elliptic curves and Diffie-Hellman groups), both proposed and accepted. This example shows an abbreviated list:
pae-SSLNamedGroups = \LIST:secp384r1,secp256r1,ffdhe2048