Receiver for Windows 4.11 | Error "Unable to connect to the server. error SSL Error 4"

Receiver for Windows 4.11 | Error "Unable to connect to the server. error SSL Error 4"

book

Article ID: CTX236438

calendar_today

Updated On:

Description

User-added image

Environment

Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.

Resolution

Microsoft introduced new set of ciphers, in their update KB2919355, which is applicable to Windows 8.1 and Windows Server 2012 R2 operating systems.

The following cipher suites are enabled and in this priority order by default by the Microsoft Schannel Provider:
 

Cipher suite stringAllowed by SCH_USE_STRONG_CRYPTOTLS/SSL Protocol Versions
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256YesTLS1.2
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384YesTLS1.2
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256YesTLS1.2
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384YesTLS1.2
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256YesTLS1.0, 1.1, 1.2
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384YesTLS1.0, 1.1, 1.2
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 YesTLS1.0, 1.1, 1.2
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384YesTLS1.0, 1.1, 1.2


Receiver for Windows 4.7, Receiver for Mac 12.5, Receiver for Android 3.12.2/3.12.3 and Receiver for Linux 13.6 introduce these ECDHE ciphers which trigger this defect.
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 and
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Install KB2919355 on all Windows 8.1 client machines.


Problem Cause

The issue is due to a defect in some builds of NetScaler where SSL handshake fails if a client hello message includes an ECC extension but the NetScaler appliance does not support any of the ECDHE ciphers in the cipher list sent by the client. The handshake fails even if the list contains some non-ECDHE ciphers that are supported.

 

Issue/Introduction

Able to launch applications from another client machine but fails from this client machine.

Additional Information

https://support.citrix.com/article/CTX221453
https://msdn.microsoft.com/en-us/library/windows/desktop/mt767781(v=vs.85).aspx