AlwaysOn VPN TLS 1.3 support

[Arjan Beijer1709152615]

After enabling TLS 1.3 and disabling all other TLS settings the Windows VPN client cannot connect to the gateway anymore.

I did set the correct ECC value(s) and Cipher-suite and enabled the "setssl parameter -defaultProfile e".

 

A modern browser is able to connect to the gateway without any issue, the vpn client however gives a "ERROR | statusCallbackFunc | 71 | SSL library internal failure"

 

Is TLS 1.3 not supported yet ?

 

Firmware used is "build-13.0-76.31_nc_64" and we are using the latest VPN client available.

[Nikolay Dimitrov1709159278]

Did you download the latest VPN Client from the Citrix Gateway or from the web site https://docs.citrix.com/en-us/citrix-gateway/current-release/vpn-user-config/select-gateway-plugin-for-users.html / https://www.citrix.com/downloads/citrix-gateway/plug-ins/  as it could be that your client application is old?

 

 

You may also enable logging on the plugin to see better what is the error:

 

https://docs.citrix.com/en-us/citrix-gateway/current-release/maintain-monitor/ng-maintain-ng-plugin-logging-tsk.html

[Mohammed Khalifa]

Hi,

 

I have the same issue. I am using the newer client : 21.9.1.2.

 

From wireshark capture on the client PC, I can see that the client is not trying to connect on TLS 1.3. 

 

Regards,

Mohammed Khalifa.