You can edit the Horizon LDAP attributes that define global acceptance and proposal policies. Security-related settings are provided in Horizon LDAP under the object path cn=common,ou=global,ou=properties,dc=vdi,dc=vmware,dc=int.
Global Acceptance Policies

| Attribute | Description |
| --- | --- |
| pae-ServerSSLSecureProtocols | Lists security protocols. You must order the list by placing the latest protocol first. For example: pae-ServerSSLSecureProtocols = \LIST:TLSv1.2,TLSv1.1,TLSv1 |
| pae-ServerSSLCipherSuites | Lists cipher suites. This example shows an abbreviated list: pae-ServerSSLCipherSuites = \LIST:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA |
| pae-ServerSSLHonorClientOrder | Controls the precedence of cipher suites. Normally, the server's ordering of cipher suites is unimportant and the client's ordering is used. To use the server's ordering of cipher suites instead, set the following attribute: pae-ServerSSLHonorClientOrder = 0 |
| pae-SSLServerSignatureSchemes | Lists certificate signature schemes. This example shows an abbreviated list: pae-SSLServerSignatureSchemes = \LIST:rsa_pss_rsae_sha256,rsa_pkcs1_sha512,rsa_pkcs1_sha1 |

Global Proposal Policies

| Attribute | Description |
| --- | --- |
| pae-ClientSSLSecureProtocols | Lists security protocols. You must order the list by placing the latest protocol first: pae-ClientSSLSecureProtocols = \LIST:TLSv1.2,TLSv1.1,TLSv1 |
| pae-ClientSSLCipherSuites | Lists cipher suites. This list should be in order of preference. Place the most preferred cipher suite first, the second-most preferred suite next, and so on. This example shows an abbreviated list: pae-ClientSSLCipherSuites = \LIST:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA |
| pae-SSLClientSignatureSchemes | Lists certificate signature schemes. This example shows an abbreviated list: pae-SSLClientSignatureSchemes = \LIST:rsa_pss_rsae_sha256,rsa_pkcs1_sha512,rsa_pkcs1_sha1 |

Global Common Policies

| Attribute | Description |
| --- | --- |
| pae-SSLNamedGroups | Lists named groups (elliptic curves and Diffie-Hellman groups), both proposed and accepted. This example shows an abbreviated list: pae-SSLNamedGroups = \LIST:secp384r1,secp256r1,ffdhe2048 |
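
The following added example (not VMware code) parses attribute values in the `\LIST:` form shown above and reports values that break the "latest protocol first" ordering rule, along with entries for TLS versions deprecated by RFC 8996 and SHA-1 signature schemes. The function names, the `TLSv1.3` entry and the sample values are assumptions made for illustration.

```python
# Audit Horizon LDAP TLS policy values (added example, not VMware code).
# Names shown on the page, plus TLSv1.3 (standard JSSE name, assumed here).
PROTOCOL_RANK = {"TLSv1": 0, "TLSv1.1": 1, "TLSv1.2": 2, "TLSv1.3": 3}
DEPRECATED = {"TLSv1", "TLSv1.1"}  # formally deprecated by RFC 8996
PREFIX = "\\LIST:"

def parse_list(value):
    """Split a '\\LIST:a,b,c' value into its items, preserving order."""
    value = value.strip()
    if not value.startswith(PREFIX):
        raise ValueError("value does not start with " + PREFIX)
    return [i.strip() for i in value[len(PREFIX):].split(",") if i.strip()]

def audit(attrs):
    """Return (attribute, finding) tuples for a dict of attribute values."""
    findings = []
    for name, raw in attrs.items():
        try:
            items = parse_list(raw)
        except ValueError as exc:
            findings.append((name, str(exc)))
            continue
        if len(set(items)) != len(items):
            findings.append((name, "duplicate entries"))
        if name.endswith("SSLSecureProtocols"):
            ranks = [PROTOCOL_RANK[p] for p in items if p in PROTOCOL_RANK]
            if len(ranks) != len(items):
                findings.append((name, "unrecognized protocol name"))
            if ranks != sorted(ranks, reverse=True):
                findings.append((name, "not ordered latest protocol first"))
            for p in items:
                if p in DEPRECATED:
                    findings.append((name, "deprecated protocol enabled: " + p))
        if name.endswith("SignatureSchemes"):
            for s in items:
                if s.endswith("_sha1"):
                    findings.append((name, "SHA-1 signature scheme: " + s))
    return findings

# Constructed sample values; the first deliberately breaks the ordering rule.
SAMPLE = {
    "pae-ServerSSLSecureProtocols": "\\LIST:TLSv1.1,TLSv1.2,TLSv1",
    "pae-SSLServerSignatureSchemes": "\\LIST:rsa_pss_rsae_sha256,rsa_pkcs1_sha1",
    "pae-ClientSSLSecureProtocols": "\\LIST:TLSv1.2",
}

if __name__ == "__main__":
    for attr, finding in audit(SAMPLE):
        print(f"{attr}: {finding}")
```

Feed `audit()` a dictionary of attribute names and values exported from the `cn=common` object to review a deployment's current policy.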