You can change the default TLS configuration that vRealize Operations for Horizon components use by modifying the msgserver.properties and msgclient.properties files.

Prerequisites

Determine the TLS cipher suites supported by the operating system on all target machines. Ensure that the Horizon Adapter instance and each agent have at least one cipher suite in common.

Procedure

  1. Log in to the vRealize Operations Manager node where the Horizon Adapter instance is running and open the /usr/lib/vmware-vcops/user/plugins/inbound/V4V_adapter3/work/msgserver.properties file.
  2. Set the value of the enforcesslprotocols property to false.
  3. Set the value of the sslProtocols property to the desired versions of TLS.

    Separate multiple values with a comma (,). The following values are supported:

    • TLSv1.2

    • TLSv1.1

    • TLSv1

  4. Set the value of the sslCiphers property to the desired TLS cipher suites.
  5. Log in to the Horizon Connection Server host where the broker agent is running and open the C:\ProgramData\VMware\vRealize Operations for Horizon\Broker Agent\conf\msgclient.properties file.
  6. Modify the value of the enforcesslprotocols, sslProtocols, and sslCiphers properties to match the Horizon Adapter.
  7. Log in to the desktop source where the desktop agent is running and open the C:\ProgramData\VMware\vRealize Operations for Horizon\Desktop Agent\conf\msgclient.properties file.
  8. Modify the value of the enforcesslprotocols, sslProtocols, and sslCiphers properties to match the Horizon Adapter.