BugZero | VMware BugID 95144 - Horizon 2309 (8.11) FIPS Mode Limitations

VMware - Defect ID: 95144

Horizon 2309 (8.11) FIPS Mode Limitations

VMware - Defect ID: 95144

Horizon 2309 (8.11) FIPS Mode Limitations

Last updated on 10/26/2023

Overall: 0N/A

Severity: 0N/A

Community: 0N/A

Lifecycle: 0N/A

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 0N/A

Severity: 0N/A

Community: 0N/A

Lifecycle: 0N/A

What is the BugZero Risk Score?

Vendor details

No defect details.

Details

The following article describes FIPS-mode limitations with the 2309 (8.11) release of Horizon.This article applies to Horizon Clients connecting to Horizon On-Prem or Horizon Cloud v1 (Smart node) deployments.It does not apply to Horizon Clients connecting to Horizon Cloud v2 deployments.

Solution

Overview of the Limitation:Horizon Client 2309, Horizon Connection Server and Horizon Agent 2309 have migrated to use OpenSSL 3.0. This breaks compatibility in FIPS mode with Horizon Client connecting to older components. Horizon 8 On-Prem Deployment:1. Horizon Client 2309 (8.11) or newer is incompatible with Horizon Server version 2306 (8.10) or older.2. Horizon Client 2309 (8.11) or newer is incompatible with Unified Access Gateway (UAG) version 2306 or older. Horizon Cloud on Azure (v1) Smart Node Deployment:Horizon Client 2309 (8.11) or newer in FIPS mode is incompatible with all releases of Smart Node. Notes: There are no such limitations when using Horizon components in non-FIPS mode.In FIPS mode, Horizon Client versions 2306 (8.10) or older are still compatible with Horizon Server 2309 (8.11) or newer with or without the UAG component. Mitigation: Horizon On-Prem deployment For environments with UAG, there are 3 possible solutions: 1. Deploy and use UAG 2309 release or newer. It allows compatibility with older versions of Horizon Client and Horizon Server. Or as a workaround2. Turn off Client Encryption Mode when using Horizon Client 2309 (8.11) or newer with UAG 2306 or older in UAG's settings. This setting can be set under Horizon Settings OR using clientEncryptionMode=DISABLED in the UAG deployment's ini file to trigger the PowerShell deployment. Or3. Continue to use Horizon Client 2306 (8.10) or older. For environments without UAG: Install Horizon Client 2309 (8.11) or newer and Horizon Connection Server 2309 (8.11) or newer. Horizon Cloud on Azure (v1) Smart node deployment For environments without UAG, continue to use Horizon Client 2306 (8.10) or older until a Smart Node release which is compatible is available. Or For environments with UAG, deploy and use UAG 2309 or newer.

Original Vendor Announcement

No bugs this month

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

VMware - Defect ID: 95144

Horizon 2309 (8.11) FIPS Mode Limitations

VMware - Defect ID: 95144

Horizon 2309 (8.11) FIPS Mode Limitations

Last updated on 10/26/2023

Vendor details

Vendor details

Description

Details

Solution

Links

Top VMware defects by risk score

Ready to prevent the next vendor outage?