My colleague Arno Meijroos was at a customer where they were experiencing disconnects when using Citrix Receiver 4.6. When the customer used Receiver 4.5 no disconnects occured.

NetScaler was running on Firmware version 11.1.50.10. An MPX was used.

Whilst looking at trace files on NetScaler and Client side all that was noticable was that the connection was terminated on the NetScaler side.

On the NetScaler custom cipher suites were defined to get an A+ rating in SSL Labs.

After working a little with Citrix Support they came with the following work-around:

Unbind the following ciphers from the custom cipher suite.

TLS1.2-ECDHE-RSA-AES256-GCM-SHA384
TLS1.2-ECDHE-RSA-AES128-GCM-SHA256

After removing these two ciphers from the suite no disconnects happen anymore.

 

For now I would advice to stay on receiver 4.5 or if there is any need for receiver 4.6 remove the ciphers as described above from your cipher suite.


Comments powered by CComment