Hi Zhimin, thanks for your response.

But I'm not pretty sure how to verify this feature with GPO template. Would you pls share a sample about it?

I've went though the whitepaper ‘Using VMware Horizon Client for Linux’ and ‘Using VMware Horizon Client for Windows’, only found that I have to modify the property file or add command option. But I still can't find out how to do it. Pls kindly help me out. Thanks in advance.

Please provide more detail about "verify this feature with GPO template". As there is no GPO impact in this feature. User sets the SSL cipher configuration in client as before and USB component takes the setting and uses that in USB channel.

I mean I don't know how to validate this feature.

I'm not sure the connection brought up is encrypted, let alone the USB channel encryption works well or not.

From whitepaper 'Using VMware Horizon Client for Windows', page 33:

Configuring Advanced SSL Options

I MPORTANT   If the only protocol you enable on the client is TLS v1.1, you must verify that TLS v1.1 is also

enabled on the remote desktop. Otherwise, USB devices cannot be redirected to the remote desktop.

I modified the "Configure SSL protocols and cryptographic algorithms", and did nothing with remote server. There will no any error pops up when connectioning to remote server with a USB key plugged in.

I think that means TLS v1.1 is also enabled on agent side. You can double check this in agent according to below page:

How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll