To control the security of Message Bus connections to Connection Server, you can configure the proposal policies on remote desktops that run Windows.

Note: It is not recommended that you make any changes to the values in the SOFTWARE\VMware, Inc.\VMware VDM\Security registry key. The values in this key are set using LDAP settings on the Connection Server and should not be edited in the Registry. For more information, see Global Acceptance and Proposal Policies Defined in Horizon LDAP.

Prerequisites

To avoid a connection failure, configure Connection Server to accept the same policies.

Procedure

  1. On the remote desktop, start the Windows Registry Editor.
  2. Navigate to the HKEY_LOCAL_MACHINE\Software\VMware, Inc.\VMware VDM\Agent\Configuration registry key.
  3. Add new String (REG_SZ) values as described below.
    String (REG_SZ) Value Description
    ClientSSLSecureProtocols Set the value to a list of cipher suites in the format \LIST:protocol_1,protocol_2,...

    List the protocols with the latest protocol first. For example:

    \LIST:TLSv1.2,TLSv1.1
    ClientSSLCipherSuites Set the value to a list of cipher suites in the format \LIST:cipher_suite_1,cipher_suite_2,....

    The list must be in order of preference, with the most preferred cipher suite first. For example:

    \LIST:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA