Jump to content
Welcome to our new Citrix community!

Cipher is not supported on this platform


Recommended Posts

Hello,

I have a strange thing that I cannot figure out.

I have 2 netscaler VPX's running on 2 different SDX's. All vpx's are running 12.0 60.10nc. The SDX's are both running 12.0 60.9

 

I am trying to add the cipher 'TLS1.2-ECDHE-RSA-CHACHA20-POLY1305' into a user defined SSL group.

 

On one of the VPX's I get the error below. I can see that the cipher is available in a few of the system groups. But cannot add this to any user defined groups.

 

The other VPX I am able to add it without any issues. Again they are running the same code.

 

Both VPX's were re-built when we moved them to the SDX platform. An import of the config was applied the same on both SDX's

I have looked at all of the settings relating to SSL & cannot see any difference between them.

 

Is there something I need to enable to allow me to put this cipher into a user defined group?

 

Thanks

Matt

image.thumb.png.1bc0f78f450cafd47b795857b8f6166e.png

Link to comment
Share on other sites

On 27.6.2019 at 2:16 PM, Gregor Blaj said:

Have you tried using the CLI? Wouldn’t be the first time I’ve seen the GUI do odd things. 

 

I would go with this too. Adding Ciphers to a user defined group has always been a struggle and contained various GUI bugs. 

 

When you did the config re-import - did you just copy paste the config into the NetScaler (or just copied the ns.conf into the netscaler directory)? I've had various problems when I tried to just copy paste the cli commands into NetScaler, I think the backup/restore function is better for these cases, as you usually have to alter the old ns.conf quite a bit to not run into weird issues after executing the old ns.conf on a new NetScaler

Link to comment
Share on other sites

  • 7 months later...
  • 4 months later...

As an FYI CHACHA20 ciphers are not well supported on many devices other than the VPX series virtual appliances.  If you remove them from your list of ciphers you will probably succeed, like I did.  To increase your chances make sure you are running 13.x code.

Reference this article for Cipher support from Citrix:

https://docs.citrix.com/en-us/citrix-adc/13/ssl/ciphers-available-on-the-citrix-ADC-appliances.html

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...