Search the VMware Knowledge Base (KB)
View by Article ID

Disabling TLS 1.0 in Horizon Air Appliances (2146781)

  • 0 Ratings

Details

In Horizon Air 16.6.x, TLS 1.0 is enabled on Port 8443 in these scenarios:
  • Service Provider appliances - New install and upgraded environments
  • Tenant and Desktop Manager appliances - Upgraded environments only
You can disable TLS 1.0 on Service Provider appliances if all of these are true:
  • You are not using vCenter Server 5.x.
  • You are not supporting 15.3.x Tenants.
  • You are not using any domain controllers that need TLS 1.0 enabled.
You can disable TLS 1.0 on Tenant and Desktop Manager appliances if both of the following are true:
  • You know that DaaS Agents have been restarted on all desktops some time after upgrade to 16.6.0.
  • You are not using any domain controllers that need TLS 1.0 enabled.
 

Solution

To disable TLS 1.0:
  1. Open the java.security file using a text editor:

    /usr/local/java/jdk8/jre/lib/security/java.security

  2. Locate the entry jdk.tls.disabledAlgorithms= .
  3. Add the entry TLSv1:

    jdk.tls.disabledAlgorithms= TLSv1, SSLv3, RC4, MD5withRSA, DH keySize < 768


  4. Open the server.xml file using a text editor:

    /usr/local/desktone/release/active/conf/server.xml


  5. Locate the entry SSLProtocol= for the 8443 connector.
  6. Remove the entry TLSv1:

    SSLProtocol="TLSv1.1+TLSv1.2"

  7. Restart the dt-service.

    service dtService start

  8. Repeat steps # 1 to #5 for all remaining appliances.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 0 Ratings
Actions
KB: