February 5, 2013 - Sven Huisman
Secure your VMware View security server!
Recently, one of my customers had a security scan performed on the infrastructure and the result was that the VMware View security server was configured to support a couple of weak cipher suites. As it turns out, there is a VMware KB-article that describes how to configure the security server with SSL protocols and Cipher suites: Configure cipher suites and security protocols on a View Connection server instance or security server in View 4.5 and later.
How to solve this:
– Create a text-file called: locked.properties (Usually located in “c:\program files\VMware\VMware View\Server\sslgateway\conf\”)
– The locked.properties file should look like this:
How do you know these are safe cipher suites that you can use? I found the following website and you can see that the Cipher suites mentioned in the KB-article are safe to use: