Configure Proposal Policies on Remote Desktops

To control the security of Message Bus connections to Connection Server, you can configure the proposal policies on remote desktops that run Windows.

Note: It is not recommended that you make any changes to the values in the SOFTWARE\VMware, Inc.\VMware VDM\Security registry key. The values in this key are set using LDAP settings on the Connection Server and should not be edited in the Registry. For more information, see Global Acceptance and Proposal Policies Defined in Horizon LDAP.

Prerequisites

To avoid a connection failure, configure Connection Server to accept the same policies.

Procedure

On the remote desktop, start the Windows Registry Editor.
Navigate to the HKEY_LOCAL_MACHINE\Software\VMware, Inc.\VMware VDM\Agent\Configuration registry key.

Add new String (REG_SZ) values as described below.

String (REG_SZ) Value Description

String (REG_SZ) Value	Description
`ClientSSLSecureProtocols`	Set the value to a list of cipher suites in the format `\LIST:protocol_1,protocol_2,...` List the protocols with the latest protocol first. For example: \LIST:TLSv1.2,TLSv1.1
`ClientSSLCipherSuites`	Set the value to a list of cipher suites in the format `\LIST:cipher_suite_1,cipher_suite_2,...`. The list must be in order of preference, with the most preferred cipher suite first. For example: \LIST:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA

ClientSSLSecureProtocols

Set the value to a list of cipher suites in the format \LIST:protocol_1,protocol_2,...

List the protocols with the latest protocol first. For example:

\LIST:TLSv1.2,TLSv1.1

ClientSSLCipherSuites

Set the value to a list of cipher suites in the format \LIST:cipher_suite_1,cipher_suite_2,....

The list must be in order of preference, with the most preferred cipher suite first. For example:

\LIST:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA