NetScaler Sends Reset with Window Size 9833 for SSL Session After an Upgrade

Article ID: CTX201056

Description

After upgrading from NetScaler 10.1 build 120 to 10.5 build 54.9, SSL offload with end-to-end encryption does not work and NetScaler sends a RESET with Win=9833.
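To confirm this symptom in a packet trace, the following added example (not Citrix code) parses raw IPv4/TCP bytes and flags RST segments whose window field is 9833, the value reported above. The function names and the sample packets are constructed for illustration.

```python
import struct

RESET_WINDOW = 9833   # window value this article reports on the NetScaler RST
TCP_RST = 0x04

def rst_window(packet: bytes):
    """Return the TCP window of an IPv4 RST segment, or None if it is not one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                       # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes (options vary it)
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 20:
        return None                       # bad IHL, not TCP, or truncated TCP header
    if not packet[ihl + 13] & TCP_RST:    # TCP flags byte
        return None
    (window,) = struct.unpack_from("!H", packet, ihl + 14)
    return window

def find_reneg_resets(packets):
    """Indexes of packets that are RSTs carrying window 9833."""
    return [i for i, p in enumerate(packets) if rst_window(p) == RESET_WINDOW]

def build_packet(flags, window, ip_options=b""):
    """Constructed sample: minimal IPv4+TCP packet, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", 443, 50000, 1, 0, 5 << 4, flags, window, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(ip_options) // 4), 0,
                     20 + len(ip_options) + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return ip + ip_options + tcp

# Constructed packets, not taken from a real trace.
SAMPLE = [
    build_packet(0x18, 29200),                      # PSH+ACK data segment
    build_packet(0x04, 9833),                       # RST, window 9833
    build_packet(0x04, 0),                          # RST with a different window
    build_packet(0x14, 9833, b"\x01\x01\x01\x01"),  # RST+ACK behind IP options
]

if __name__ == "__main__":
    for i in find_reneg_resets(SAMPLE):
        print(f"packet {i}: RST with Win={RESET_WINDOW}")
```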

Resolution

When performing SSL offload with end-to-end encryption, SSL renegotiation is required in some situations. On upgrade to 10.5, the NetScaler sets DenySSLReneg to ALL. In NetScaler 10.1 the default setting is NO.

To resolve this issue, change the setting back to NO. Run the following command in the NetScaler CLI:
> set ssl parameter -denySSLReneg NO


Problem Cause

The DenySSLReneg parameter is set to ALL by default in NetScaler 10.5.

Additional Information

CTX121925 - SSL Renegotiation Process and Session Reuse on NetScaler Appliance

Citrix Blog - NetScaler Gateway SSL Renegotiation feature

CTX123680 - How to Configure -denySSLReneg Parameter