Ferry / NetScaler 11.1 receiver 4.6 and random disconnects

Created Fri, 29 Jun 2018 14:00:28 +0200

My colleague Arno Meijroos was at a customer where they were experiencing disconnects when using Citrix Receiver 4.6. When the customer used Receiver 4.5 no disconnects occured.

NetScaler was running on Firmware version 11.1.50.10. An MPX was used.

Whilst looking at trace files on NetScaler and Client side all that was noticable was that the connection was terminated on the NetScaler side.

On the NetScaler custom cipher suites were defined to get an A+ rating in SSL Labs.

After working a little with Citrix Support they came with the following work-around:

Unbind the following ciphers from the custom cipher suite.

TLS1.2-ECDHE-RSA-AES256-GCM-SHA384 TLS1.2-ECDHE-RSA-AES128-GCM-SHA256

After removing these two ciphers from the suite no disconnects happen anymore.

For now I would advice to stay on receiver 4.5 or if there is any need for receiver 4.6 remove the ciphers as described above from your cipher suite.