Global acceptance and proposal policies enable certain security protocols and cipher suites by default.

Security-related settings are provided in Horizon LDAP under the object path cn=common,ou=global,ou=properties,dc=vdi,dc=vmware,dc=int.

Table 1. Default Global Acceptance Policy
Default Security Protocols Default Cipher Suites Default Signature Schemes
  • TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • rsa_pss_rsae_sha512
  • rsa_pss_rsae_sha384
  • rsa_pss_rsae_sha256
  • rsa_pss_pss_sha512
  • rsa_pss_pss_sha384
  • rsa_pss_pss_sha256
  • rsa_pkcs1_sha512
  • rsa_pkcs1_sha384
  • rsa_pkcs1_sha256
  • rsa_pkcs1_sha1
  • ecdsa_secp521r1_sha512
  • ecdsa_secp384r1_sha384
  • ecdsa_secp256r1_sha256
Table 2. Default Global Proposal Policy
Default Security Protocols Default Cipher Suites Default Signature Schemes
  • TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • rsa_pss_rsae_sha512
  • rsa_pss_rsae_sha384
  • rsa_pss_rsae_sha256
  • rsa_pss_pss_sha512
  • rsa_pss_pss_sha384
  • rsa_pss_pss_sha256
  • rsa_pkcs1_sha512
  • rsa_pkcs1_sha384
  • rsa_pkcs1_sha256
  • rsa_pkcs1_sha1
Table 3. Default Global Common Policy
Default Named Groups
  • secp384r1
  • secp256r1
  • secp521r1
  • ffdhe2048
  • ffdhe3072
  • ffdhe4096
  • ffdhe6144
  • ffdhe8192
Note: In FIPS mode, only GCM cipher suites are enabled.