excerpted from official release note:
While I can't find any document with more detailed introduction about this new feature. thanks in advance.
In Horizon 6.0.0, user can change the SSL cipher configuration used by view client. But that cipher configuration only covers the communication between client UI and broker and agent. The USB channel doesn't be protected with the SSL cipher configuration set by the client UI.
What this new feature does in Horizon 6.0.1 is let USB component honors the cipher configuration set by client UI so the USB channel uses the same SSL cipher configuration as client UI.
Hi Zhimin, thanks for your response.
But I'm not pretty sure how to verify this feature with GPO template. Would you pls share a sample about it?
I've went though the whitepaper ‘Using VMware Horizon Client for Linux’ and ‘Using VMware Horizon Client for Windows’, only found that I have to modify the property file or add command option. But I still can't find out how to do it. Pls kindly help me out. Thanks in advance.
Please provide more detail about "verify this feature with GPO template". As there is no GPO impact in this feature. User sets the SSL cipher configuration in client as before and USB component takes the setting and uses that in USB channel.
I mean I don't know how to validate this feature.
I'm not sure the connection brought up is encrypted, let alone the USB channel encryption works well or not.
From whitepaper 'Using VMware Horizon Client for Windows', page 33:
Configuring Advanced SSL Options
I MPORTANT If the only protocol you enable on the client is TLS v1.1, you must verify that TLS v1.1 is also
enabled on the remote desktop. Otherwise, USB devices cannot be redirected to the remote desktop.
I modified the "Configure SSL protocols and cryptographic algorithms", and did nothing with remote server. There will no any error pops up when connectioning to remote server with a USB key plugged in.
I think that means TLS v1.1 is also enabled on agent side. You can double check this in agent according to below page:
How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll