Applications in a StoreFront store fail to enumerate and launch. An SSL connection error is reported

book

Article ID: CTX319877

calendar_today

Updated On:

Description

After upgrading to SF 1912 CU2, the store fails to present apps, and the following info is seen in the event log:

Event ID:0
An SSL connection could not be established: None of the SSL cipher suites offered TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 were accepted by the server.

Resolution

The cipher suite order list must include the TLS_ECDHE_* cipher suites AND these cipher suites must precede any other cipher suites. Make these changes on both the Storefront servers and the Delivery Controllers.

Problem Cause

This issue occurs if the delivery controller is installed on Windows Server 2016 or Windows Server 2019, and StoreFront is installed on Windows Server 2012 R2. To resolve this issue, the cipher suite order list must include the TLS_ECDHE_* cipher suites and these cipher suites must precede any other cipher suites.

Ref: https://docs.citrix.com/en-us/storefront/1912-ltsr/whats-new/known-issues#known-issues-in-storefront-1912-cu2

Issue/Introduction

An SSL connection could not be established: None of the SSL cipher suites offered were accepted by the server.

Additional Information

https://docs.citrix.com/en-us/storefront/1912-ltsr/whats-new/known-issues#known-issues-in-storefront-1912-cu2

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"