Security
Table Of Contents
- View Security
- Contents
- View Security
- View Accounts, Resources, and Log Files
- View Security Settings
- Ports and Services
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Default Global Policies for Security Protocols and Cipher Suites
- Configuring Global Acceptance and Proposal Policies
- Configure Acceptance Policies on Individual View Servers
- Configure Proposal Policies on View Desktops
- Internet Engineering Task Force Standards
- Older Protocols and Ciphers Disabled in View
- Reducing MIME Type Security Risks
- Mitigating Cross-Site Scripting Attacks
- Content Type Checking
- Origin Checking
- Configuring Security Protocols and Cipher Suites for Blast Secure Gateway
- Deploying USB Devices in a Secure View Environment
- Index
Configuring Security Protocols and
Cipher Suites for Blast Secure
Gateway 5
The security settings for View Connection Server do not apply to Blast Secure Gateway (BSG). You must
configure security for BSG separately.
Configure Security Protocols and Cipher Suites for Blast Secure
Gateway (BSG)
You can configure the security protocols and cipher suites that BSG's client-side listener accepts by editing
the file absg.properties.
The protocols that are allowed are, from low to high, tls1.0, tls1.1, and tls1.2. Older protocols such as SSLv3
and earlier are never allowed. Two properties, localHttpsProtocolLow and localHttpsProtocolHigh,
determine the range of protocols that the BSG listener will accept. For example, setting
localHttpsProtocolLow=tls1.0 and localHttpsProtocolHigh=tls1.2 will cause the listener to accept tls1.0,
tls1.1, and tls1.2. The default settings are localHttpsProtocolLow=tls1.1 and
localHttpsProtocolHigh=tls1.2. You can examine the BSG's absg.log file to discover the values that are in
force for a specific BSG instance.
You must specify the list of ciphers using the format that is defined in
http://openssl.org/docs/manmaster/apps/ciphers.html, under the section CIPHER LIST FORMAT. The
following cipher list is the default:
ECDHE-RSA-AES256-SHA:AES256-SHA:HIGH:!AESGCM:!CAMELLIA:!3DES:!EDH:!EXPORT:!MD5:!PSK:!RC4:!SRP:!
aNULL:!eNULL
Procedure
1 On the Connection Server instance, edit the file install_directory\VMware\VMware
View\Server\appblastgateway\absg.properties.
By default, the install directory is %ProgramFiles%.
2 Edit the properties localHttpsProtocolLow and localHttpsProtocolHigh to specify a range of protocols.
For example,
localHttpsProtocolLow=tls1.0
localHttpsProtocolHigh=tls1.2
To enable only one protocol, specify the same protocol for both localHttpsProtocolLow and
localHttpsProtocolHigh.
VMware, Inc.
31