Configuring Cipher suite order on the NetScaler Gateway for Application or Desktop Launch Failures with TLS or DTLS due to invalid cipher suites


Article ID: CTX235509


Description

The following steps configure the appropriate cipher suites on NetScaler Gateway when session launch fails in Receiver 4.12.


Instructions

  1. Navigate to the Configuration tab > Traffic Management > SSL and select Change advanced SSL Settings.

  2. Check the box labelled ‘Enable Default Profile’ and select OK.

  3. Select Yes when the prompt comes up.

  4. If you repeat step 1 now, the Default Profile should show as ENABLED.

  5. Navigate to the Configuration tab > System > Profiles > SSL Profile and click ns_default_ssl_profile_backend.

  6. Edit the SSL Ciphers option and remove the default option using the - (minus) symbol next to it. Then check the options SHA2 and RSA and add them to the Configured list. Click OK to save the configuration.

Note: These settings are not applicable to NetScaler 10.5.x when the cipher suite is set to “GOV” on a 7.18 VDA. Upgrade the NetScaler Gateway (NSG) to a higher version or change the cipher suite of the VDA to “ANY”.

Additional Information

You can also run a Wireshark trace on the NetScaler to analyze the SSL handshake.
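
When reading such a trace, the useful comparison is between the cipher suites offered in the ClientHello and the suites the peer accepts. The following is an added example, not Citrix code: it parses one TLS (not DTLS) ClientHello record and lists the shared suites. The function names, the sample ClientHello bytes and the accepted-suite set are constructed for illustration and do not reflect the actual contents of the SHA2, RSA or GOV groups.

```python
import struct

# Subset of IANA TLS cipher suite code points, enough for this example.
SUITE_NAMES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
    0xC028: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

def offered_suites(record: bytes) -> list[int]:
    """Return the cipher suite code points offered in one TLS ClientHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) != rec_len or len(body) < 4 or body[0] != 1:
        raise ValueError("not a complete ClientHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:
        raise ValueError("truncated ClientHello")
    pos = 34 + 1 + hello[34]          # version(2) + random(32) + session_id
    n = int.from_bytes(hello[pos:pos + 2], "big")
    suites = hello[pos + 2:pos + 2 + n]
    if n == 0 or n % 2 or len(suites) != n:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(suites[i:i + 2], "big") for i in range(0, n, 2)]

def common_suites(record: bytes, accepted: set[int]) -> list[str]:
    """Offered suites the peer also accepts, in the client's preference order."""
    return [SUITE_NAMES.get(s, f"0x{s:04X}")
            for s in offered_suites(record) if s in accepted]

def build_client_hello(suites: list[int]) -> bytes:
    """Constructed sample input: minimal TLS 1.2 ClientHello without extensions."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = (b"\x03\x03" + bytes(32) + b"\x00"
             + len(cs).to_bytes(2, "big") + cs + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    vda_accepts = {0xC028, 0xC030}    # hypothetical VDA policy, constructed
    for offer in ([0x002F], [0x003D, 0xC028]):
        shared = common_suites(build_client_hello(offer), vda_accepts)
        print(offer, "->", shared or "no shared suite: handshake will fail")
```

An empty result corresponds to the case this article addresses: the two sides share no cipher suite, so the handshake cannot complete.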