
TLS 1.3 support


Scott Knights


I have upgraded my Netscaler VPX to firmware 12.1 49.37 and attempted to enable TLS 1.3 in the SSL profile. The cypher suite includes the three TLS 1.3 cyphers. It doesn't work in Chrome 70.

 

Qualys SSL check shows a No for TLS 1.3 and handshake failures for Chrome 70. If I disable TLS 1.3 in the profile then everything works, falling back to TLS 1.2.

 

Is the 1.3 support not ready yet, is Chrome doing something silly or am I doing something wrong?

qualys.png

profile.PNG

cyphers.PNG


  • 4 weeks later...

I'm seeing the same issue with multiple environments I support. If on the latest version of Chrome (70.x) and TLS 1.3 is enabled on the netscaler, the page will not load in Chrome. Works fine in IE, and other browsers.

 

If I disable TLS 1.3 in Chrome (chrome://flags/) then it works, or if I disable TLS 1.3 on the netscaler it works.

 

I need a solution where TLS 1.3 is enabled and working with default Chrome settings.

 

Any luck finding a solution?


I have a confirmed solution.

 

Citrix support has confirmed that you must be on NS 12.1 49.23 or newer in order to support the TLS 1.3 RFC 8446, which is required for it to work in the Chrome browser 70.x.

 

I also confirmed that I had to remove the ECC Curve 224, as only 521, 256, and 384 are supported with TLS 1.3.

 

Once I did this, I was able to resolve the error in Chrome.

  • Like 1
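
An added example, not part of the thread: a small audit that applies the two conditions from the post above (build 12.1 49.23 or newer, and only the 256, 384 and 521 curves on a TLS 1.3 profile) to saved configuration lines. The profile names and sample lines are constructed, and the `set ssl profile ... -tls13` / `bind ssl profile ... -eccCurveName` line format is an assumption about how the configuration was exported.

```python
import re

# Both values are taken from the thread, not from vendor documentation.
TLS13_CURVES = {"P_256", "P_384", "P_521"}
MIN_BUILD = (12, 1, 49, 23)

def parse_build(text):
    """Turn '12.1 49.37' (as written in the thread) into (12, 1, 49, 37)."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def audit(config_lines, build):
    """Return (profile, finding) pairs for profiles that enable TLS 1.3."""
    tls13, curves = set(), {}
    for line in config_lines:
        tok = line.split()
        if tok[1:3] != ["ssl", "profile"] or len(tok) < 4:
            continue
        verb, name = tok[0], tok[3]
        opts = dict(zip(tok[4::2], tok[5::2]))  # "-flag value" pairs
        if verb in ("add", "set") and "-tls13" in opts:
            (tls13.add if opts["-tls13"] == "ENABLED" else tls13.discard)(name)
        elif verb == "bind" and "-eccCurveName" in opts:
            curves.setdefault(name, set()).add(opts["-eccCurveName"])
        elif verb == "unbind" and "-eccCurveName" in opts:
            curves.get(name, set()).discard(opts["-eccCurveName"])
    findings = []
    if tls13 and parse_build(build) < MIN_BUILD:
        findings.append(("*", "build older than 12.1 49.23"))
    for name in sorted(tls13):
        for curve in sorted(curves.get(name, set()) - TLS13_CURVES):
            findings.append((name, f"curve {curve} bound with TLS 1.3 enabled"))
    return findings

# Constructed sample configuration (hypothetical profile names).
SAMPLE = """\
add ssl profile frontend_tls13
set ssl profile frontend_tls13 -tls12 ENABLED -tls13 ENABLED
bind ssl profile frontend_tls13 -eccCurveName P_256
bind ssl profile frontend_tls13 -eccCurveName P_224
add ssl profile legacy -tls13 DISABLED
bind ssl profile legacy -eccCurveName P_224
""".splitlines()

if __name__ == "__main__":
    for profile, finding in audit(SAMPLE, "12.1 49.37"):
        print(f"{profile}: {finding}")
```

Profiles with TLS 1.3 disabled are not flagged, since the curve restriction in the post applies only when TLS 1.3 is on.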
