How do I Set Specific SSL Protocols on XenMobile Server 10.6


Article ID: CTX224384


Description

With our strong emphasis on security, the ability to specify the SSL protocols supported by XenMobile Server is critical for customers who need to control which SSL protocols are allowed to access XenMobile. XenMobile Server 10.6 introduces a new CLI option that allows the administrator to specify which SSL protocols XenMobile uses. The protocols allowed are:

  • TLSv1.2
  • TLSv1.1
  • TLSv1

Instructions

How do I specify the SSL Protocols?

By default, TLSv1, TLSv1.1 and TLSv1.2 protocols are enabled. To enable or disable protocols:
  • Open the XenMobile CLI, choose [2] System, and then choose [12] Advanced Settings.
  • Choose [3] SSL protocols.
  • At the New SSL Protocols to enable prompt, type the protocols that you want to enable, separated by commas. Any protocols not included will be disabled. For example, to disable TLSv1, type TLSv1.2,TLSv1.1 and then type y to restart XenMobile Server.

What errors might be displayed if the SSL Protocols are misconfigured between XenMobile and NetScaler?

In this example, the NetScaler was configured for TLSv1.2 only and the XenMobile server was configured for TLSv1 and TLSv1.1, so the two sides have no protocol in common.
The following error might be displayed on both Android and iOS devices:
Error: "An error has occurred in your connection. Try connecting again."

The mismatch also shows up in the following places:
  • SSL handshake failure in the NetScaler network trace for an already enrolled device
  • Encrypted Alert in the NetScaler network trace when attempting to enroll a new device
  • Bad Cert error in the XenMobile Server network trace
  • Secure Hub log on Android
  • Secure Hub log on iOS
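
A pre-change check for the procedure and the mismatch example above, added here as an illustration and not part of the original article or any Citrix tool: it parses the list as it would be typed at the prompt, rejects names the article does not list, and reports whether the result still shares a protocol with the NetScaler side. The function names, the exact-name matching, and passing the NetScaler protocols as a comma-separated list are assumptions.

```python
"""Pre-change check for the 'New SSL Protocols to enable' prompt (added example)."""

# Protocol names the article lists as allowed, ordered oldest to newest.
ALLOWED = ("TLSv1", "TLSv1.1", "TLSv1.2")


def parse_protocols(text):
    """Parse a comma-separated protocol list into a de-duplicated, ordered tuple.

    Assumption: names must match the article's spelling exactly, so inputs
    such as 'TLS1.2' or 'tlsv1.2' are rejected rather than guessed at.
    """
    names = [part.strip() for part in text.split(",") if part.strip()]
    if not names:
        raise ValueError("no protocols given")
    unknown = [n for n in names if n not in ALLOWED]
    if unknown:
        raise ValueError("unrecognised protocol name(s): " + ", ".join(unknown))
    return tuple(n for n in ALLOWED if n in names)


def check_change(xenmobile_input, netscaler_input):
    """Compare the list about to be typed on XenMobile with the NetScaler side."""
    xms = parse_protocols(xenmobile_input)
    ns = parse_protocols(netscaler_input)
    common = tuple(n for n in xms if n in ns)
    return {
        "xenmobile_enabled": xms,
        # Anything not typed at the prompt is disabled after the restart.
        "xenmobile_disabled": tuple(n for n in ALLOWED if n not in xms),
        "common": common,
        # Highest version that both sides enable, or None if there is none.
        "negotiated": common[-1] if common else None,
        "handshake_fails": not common,
    }


if __name__ == "__main__":
    # The article's mismatch case: NetScaler TLSv1.2 only, XenMobile TLSv1 and TLSv1.1.
    print(check_change("TLSv1,TLSv1.1", "TLSv1.2"))
    # The article's example input for disabling TLSv1.
    print(check_change("TLSv1.2,TLSv1.1", "TLSv1.2"))
```

Run it with the string you intend to type before restarting XenMobile Server; a result with `handshake_fails` set to true corresponds to the connection errors listed above.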

Additional Information

FAQ: XenMobile integration with Azure Active Directory as IDP 
FAQ: XenMobile Derived Credentials
FAQ: XenMobile and Windows Information Protection (WIP) Policy