I am running View 5.1 with security servers and connection servers. Recently I attempted to lock down the different ciphers and protocols on the internet-facing security servers.
I followed the article Configuring cipher suites and security protocols on a VMware View Connection Server instance or Secu...
I created a locked.properties file and saved it to the location C:\Program Files\VMware\VMware View\Server\sslgateway\conf
In the file I entered the following info:
secureProtocols.1=TLSv1.2
secureProtocols.2=TLSv1.1
secureProtocols.3=TLSv1
secureProtocols.4=SSLv2Hello
enabledCipherSuite.1=TLS_RSA_WITH_AES_128_CBC_SHA
enabledCipherSuite.2=TLS_DHE_DSS_WITH_AES_128_CBC_SHA
enabledCipherSuite.3=SSL_RSA_WITH_3DES_EDE_CBC_SHA
I made sure there were no spaces or any grammar errors.
Upon restarting all the View security server services, clients could no longer connect to the site, receiving an SSL error. I also tried to scan the site using an SSL scanner, SSL Analyzer and SSL Certificate Checker | COMODO
The site couldn't even connect to scan the certificate anymore after making the change.
I was successful in testing on a different View server, but the version was newer. I believe it was version 6.0.
Anyone have any ideas on what I might have missed? I don't really want to have to upgrade the infrastructure just to secure protocols and ciphers.
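A small offline check for the locked.properties entries posted above, added here as an example; it is not part of the original thread or of VMware's tooling. The key names are taken from the post, while the legacy-marker list and the contiguous-numbering check are assumptions of this example, not documented View requirements.

```python
import re

# Key names exactly as written in the post; other keys are reported as unknown.
KEY_RE = re.compile(r"^(secureProtocols|enabledCipherSuite)\.(\d+)$")
# Reviewer policy (assumption): substrings marking legacy protocols and ciphers.
LEGACY = ("SSLv2", "SSLv3", "_RC4_", "_3DES_", "_DES_", "_NULL_", "_EXPORT")

def lint_locked_properties(text):
    """Return a list of (line_number, message); line 0 is a file-level finding."""
    findings, seen = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        key, sep, value = raw.partition("=")
        if not sep:
            findings.append((n, "no '=' separator"))
            continue
        if key != key.strip() or value != value.strip():
            findings.append((n, "whitespace around key or value"))
        key, value = key.strip(), value.strip()
        m = KEY_RE.match(key)
        if not m:
            findings.append((n, "unknown key: " + key))
            continue
        group, idx = m.group(1), int(m.group(2))
        if idx in seen.setdefault(group, []):
            findings.append((n, "duplicate index: " + key))
        seen[group].append(idx)
        if any(marker in value for marker in LEGACY):
            findings.append((n, "legacy protocol or cipher: " + value))
    for group, idxs in seen.items():
        # Hygiene check (assumption): entries numbered 1..N without gaps.
        if sorted(set(idxs)) != list(range(1, len(set(idxs)) + 1)):
            findings.append((0, group + " indexes are not contiguous from 1"))
    return findings

# The entries posted above.
POSTED = ("secureProtocols.1=TLSv1.2\nsecureProtocols.2=TLSv1.1\n"
          "secureProtocols.3=TLSv1\nsecureProtocols.4=SSLv2Hello\n"
          "enabledCipherSuite.1=TLS_RSA_WITH_AES_128_CBC_SHA\n"
          "enabledCipherSuite.2=TLS_DHE_DSS_WITH_AES_128_CBC_SHA\n"
          "enabledCipherSuite.3=SSL_RSA_WITH_3DES_EDE_CBC_SHA\n")
# Constructed sample: trailing space, index gap, misspelled key.
BROKEN = ("secureProtocols.1=TLSv1 \nsecureProtocols.3=TLSv1.1\n"
          "enabledCiphersuite.1=TLS_RSA_WITH_AES_128_CBC_SHA\n")

if __name__ == "__main__":
    for name, body in (("posted", POSTED), ("broken", BROKEN)):
        for line_no, msg in lint_locked_properties(body):
            print(name, line_no, msg)
```

On the posted entries it reports only the SSLv2Hello and 3DES lines as legacy; it checks the file's syntax and policy, not whether a given View release supports each protocol.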
Were you able to find a resolution to this? I'm also running VMware View Connection server 5.1, and getting the SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY error using Firefox. I've also tried the locked.properties file, but the connection server doesn't seem to be honoring it. Thanks for any information you might have.
I have some notes from when I was working on this issue; hopefully they help.
For View 5.2, please review "Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server"
Follow "Change the Global Acceptance and Proposal Policies" to remove the SSL_RSA_WITH_RC4_128_SHA cipher suite
This Communities post also has good instructions on editing the ADSI pae- values
https://communities.vmware.com/thread/507973?start=0&tstart=0
For View 6.2, RC4 is already disabled
To disable RC4 in both 5.2 and 6.2 for Blast secure gateway please review KB 2122359