Search the VMware Knowledge Base (KB)
View by Article ID

Disabling SSLv3 connections over HTTPS to View Security Server and View Connection Server (2094442)

  • 2 Ratings

Details

Customer-facing services can use HTTPS to connect to three secure gateways on View security server or View Connection Server 5.2.x, 5.3.x, and 6.0.x.

The Secure Gateway, which provides a secure tunnel for carrying RDP and other data over HTTPS, listens on port 443 by default. SSLv3 connections to the secure tunnel are disabled by default.

The PCoIP Secure Gateway (PSG) provides secure connections to a security server or View Connection Server over PCoIP. The PSG listens on port 4172 by default.  This gateway is not configurable. However, the PSG only accepts connections over PCoIP, and only clients running Horizon Client software can connect to the PSG. Browsers cannot access the PSG.  

The Blast Secure Gateway (BSG) provides browser access to View desktops over HTTPS. This gateway listens on port 8443 by default. SSLv3 connections to the BSG are not disabled by default on security server or View Connection Server versions 5.2.x, 5.3.0, 5.3.1, 5.3.2, and 6.0.x .  You can disable SSLv3 connections to the BSG by taking the steps described in this article.

Solution

You can disable SSLv3 access to the Blast Secure Gateway by editing the absg-config.js file on a security server or View Connection Server instance.

  1. On each security server or View Connection Server instance, open the absg-config.js file using a text editor. The file is located at:

    C:\Program Files\VMware\VMware View\Server\appblastgateway\lib\

    This path applies to security server or View Connection Server 5.2.x, 5.3.x, and 6.0.x.  

  2.  Add this line near to the beginning of the file: 

    var constants = require('constants'); 

    For example, you can insert this line around line 5, above the existing line:    

    exports.load = ...   

  3. Scroll to the getHttps() function, around line 119, and place your cursor just above the existing line:   

    return option;

    Insert these two lines:

    option.secureProtocol = 'SSLv23_method';
    option.secureOptions = constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3;

    The secureOptions attribute disables SSLv2 and SSLv3. These lines set attributes in the 'option' object programmatically.

  4. Restart the VMware Horizon View Blast Secure Gateway service.
  5. Repeat these steps on all security servers and View Connection Server instances in the pod.

For translated versions of this article, see:

Keywords

SSLv3, View, Blast Secure Gateway

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 2 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 2 Ratings
Actions
KB: