Security
Default Global Policies for Security Protocols and Cipher Suites
Global acceptance and proposal policies enable certain security protocols and cipher suites by default.
Table 4‑1. Default Global Policies
Default Security Protocols:
- TLS 1.2
- TLS 1.1
- TLS 1.0
Default Cipher Suites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
If all connecting clients support TLS 1.1 and/or TLS 1.2, you can remove TLS 1.0 from the acceptance
policy.
Configuring Global Acceptance and Proposal Policies
Global acceptance and proposal policies are defined in View LDAP attributes. These policies apply to all
View Connection Server instances and security servers in a replicated group. To change a global policy, you
can edit View LDAP on any View Connection Server instance.
Each policy is a single-valued attribute in the following View LDAP location:
cn=common,ou=global,ou=properties,dc=vdi,dc=vmware,dc=int
Global Acceptance and Proposal Policies Defined in View LDAP
You can edit the View LDAP attributes that define global acceptance and proposal policies.
Global Acceptance Policies
The following attribute lists security protocols. You must order the list by placing the latest protocol first:
pae-ServerSSLSecureProtocols = \LIST:TLSv1.2,TLSv1.1,TLSv1
The following attribute lists the cipher suites. The order of the cipher suites is unimportant. This example
shows an abbreviated list:
pae-ServerSSLCipherSuites = \LIST:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA
Global Proposal Policies
The following attribute lists security protocols. You must order the list by placing the latest protocol first:
pae-ClientSSLSecureProtocols = \LIST:TLSv1.2,TLSv1.1,TLSv1
The following attribute lists the cipher suites. This list should be in order of preference. Place the most
preferred cipher suite first, the second-most preferred suite next, and so on. This example shows an
abbreviated list:
pae-ClientSSLCipherSuites = \LIST:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA
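The following added example (not VMware code) checks a policy value against the rules above before it is written back to View LDAP: the \LIST: prefix, latest-protocol-first ordering, whether TLSv1 is still enabled, and cipher suites outside the Table 4-1 defaults. The function names are hypothetical, and the protocol tokens are assumed to be only the three shown on this page.

```python
# Constructed helper names; tokens and suites are the ones shown on this page.
PREFIX = "\\LIST:"
PROTOCOL_RANK = {"TLSv1.2": 3, "TLSv1.1": 2, "TLSv1": 1}  # higher = later
DEFAULT_SUITES = {  # Table 4-1 defaults
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
}


def parse_list(value):
    """Split a '\\LIST:a,b,c' attribute value into its items."""
    value = value.strip()
    if not value.startswith(PREFIX):
        raise ValueError("value must start with " + PREFIX)
    items = [item.strip() for item in value[len(PREFIX):].split(",")]
    if not all(items):
        raise ValueError("empty list item")
    return items


def lint_policy(attr, value):
    """Return a list of findings for one policy attribute value."""
    items, findings = parse_list(value), []
    if len(set(items)) != len(items):
        findings.append("duplicate entries")
    if attr.endswith("SecureProtocols"):
        unknown = [p for p in items if p not in PROTOCOL_RANK]
        if unknown:
            findings.append("unknown protocol: " + ",".join(unknown))
        else:
            ranks = [PROTOCOL_RANK[p] for p in items]
            if ranks != sorted(ranks, reverse=True):
                findings.append("protocols must be listed latest first")
            if "TLSv1" in items:
                findings.append("TLSv1 enabled; removable if all clients support TLS 1.1/1.2")
    else:
        extra = [s for s in items if s not in DEFAULT_SUITES]
        if extra:
            findings.append("not in Table 4-1 defaults: " + ",".join(extra))
    return findings


def without_tls10(value):
    """Rebuild a protocol list value with TLSv1 removed."""
    return PREFIX + ",".join(p for p in parse_list(value) if p != "TLSv1")
```

A suite reported as outside the defaults is not necessarily wrong; the finding only marks it for review.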
View Security
VMware, Inc.