
ADC and DTLS Cipher Sanity Check


Jesse Gibson


My goal is to get EDT working through our ADC; however, EDT requires DTLS. So this is where I need a sanity check, because I have a hard time accepting that to use DTLS/EDT I can't use any ciphers above TLS1.0.

Am I correct in thinking that, based on the ciphers supported by DTLS, there is no way to get a grade above B on SSL Labs? DTLS doesn't seem to support anything above TLS1.0.

Link to DTLS supported ciphers

So my options are either: ditch EDT and just use TCP, or stop trying for a higher grade than B on SSL Labs?

We have some staff who live in very rural areas, and with EDT working it makes their Citrix experience so much better.

Side note: If you actually implement all the ciphers per the article, you get an F because of SSL3. I've taken out SSL3 from my ciphers, which got me the score of B (see image).

SSLReport.PNG


In 13.0 build 58.32:

Users can now configure a separate DTLS VPN virtual server using the same IP and port number of a configured SSL VPN virtual server. Configuring DTLS VPN virtual servers enables users to bind the advanced DTLS ciphers and certificates. Also, the DTLS 1.2 protocol is supported in addition to the earlier supported DTLS 1.0 protocol.

Note: there have been several problems reported in 13.0 build 58.32.
