You can change the TLS versions and ciphers used to encrypt communication between servers and agents.

Each agent and server supports a certain set of protocol versions and ciphers. When an RMI connection is established between an agent and a server, the agent and server negotiate the protocol and cipher to use by selecting the strongest protocol and cipher that both ends support.

The supported versions and ciphers for desktop and broker message servers are specified in the msgserver.properties file on the vRealize Operations Manager node where the adapter instance is running. The supported versions and ciphers for broker agents are specified in the msgclient.properties on the Horizon Connection Server host where the agent is installed. The supported versions and ciphers for desktop agents are specified in the msgclient.properties file on the corresponding desktop source or RDS host.

Table 1. TLS Configuration Properties

Property

Description

Default Value

sslProtocols

List of accepted TLS versions, separated by commas.

TLSv1.2

sslCiphers

List of accepted TLS ciphers, separated by commas.

TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256