Unable to access Storefront through NetScaler Gateway and getting " Could reach the page " error.
Article ID: CTX238246
Updated On:
Description
- After upgrading to 12.0 build 58.15 , unable to access the Storefront server through NetScaler Gateway and getting " Could reach the page " error.
NOTE: On NetScaler Gateway Session profile, the Storefront URL is configured with Storefront Load balancing server IP.
- If Storefront Load balancer IP is replaced with Actual Storefront Server IP, then Storefront is accessible through NetScaler gateway.
In the following nstrace screenshot, we could see that the Storefront Load balancer has sent Export cipher in the Server Hello. For which, we could see a FATAL Error message from NetScaler gateway Vserver.
Resolution
- Unbind the Export ciphers (i.e weak ciphers) as listed below from the Storefront Load balancing Vserver.
TLS1-EXP1024-RC4-SHA
SSL3-EXP-RC4-MD5
SSL3-EXP-DES-CBC-SHA
SSL3-EXP-RC2-CBC-MD5
SSL2-EXP-RC4-MD5
TLS1-EXP1024-DHE-DSS-RC4-SHA
SSL3-EXP-EDH-DSS-DES-CBC-SHA
SSL3-EXP-EDH-RSA-DES-CBC-SHA
TLS1-EXP1024-RC4-MD5
TLS1-EXP1024-RC2-CBC-MD5
SSL2-EXP-RC2-CBC-MD5
SSL3-EXP-ADH-RC4-MD5
SSL3-EXP-ADH-DES-CBC-SHA
TLS1-EXP1024-DHE-DSS-DES-CBC-SHA
TLS1-EXP1024-RC4-SHA
SSL3-EXP-RC4-MD5
SSL3-EXP-DES-CBC-SHA
SSL3-EXP-RC2-CBC-MD5
SSL2-EXP-RC4-MD5
TLS1-EXP1024-DHE-DSS-RC4-SHA
SSL3-EXP-EDH-DSS-DES-CBC-SHA
SSL3-EXP-EDH-RSA-DES-CBC-SHA
TLS1-EXP1024-RC4-MD5
TLS1-EXP1024-RC2-CBC-MD5
SSL2-EXP-RC2-CBC-MD5
SSL3-EXP-ADH-RC4-MD5
SSL3-EXP-ADH-DES-CBC-SHA
TLS1-EXP1024-DHE-DSS-DES-CBC-SHA
Problem Cause
Weak Ciphers (i.e Export Ciphers) are configured under Storefront Load balancer Server. From 12.0 build the weak ciphers are not supported.Issue/Introduction
- After upgrading to 12.0 build 58.15 , unable to access the Storefront server through NetScaler Gateway and getting " Could reach the page " error.
NOTE: On NetScaler Gateway Session profile, the Storefront URL is configured with Storefront Load balancing server IP.
Was this article helpful?
Yes
No
Powered by
