Wait, what? Citrix Receiver sessions run on crocked crypto!

The basic premise of the Citrix products-formerly-known-as Xen App and Xen Desktop is that they deliver applications and desktops more securely than is possible if you run them locally. The prospect of those apps and desktops being snoop-able is therefore more than a little worrying. News that Citrix Receiver, the app that …

  1. Anonymous Coward

    Isn't this just them making it compliant with DSS v3.2 as TLS 1.0 has to be removed, that means all the cipher suites that go with it.

  2. Anonymous Coward

    Secure the NetScaler

    If you secure the NetScaler and remove all insecure ciphers, then it doesn't matter if Receiver supports them. They won't get used anyway. First thing I do after setting up a NetScaler is configure it to get an A+ on the Qualys SSL checker.

  3. Anonymous Coward

    Citrix 4.9 LTSR was actually released around August 2017 (according to a quick web search)

    4.9.2 came in March 2018 and apparently 4.9.3 has just dropped this week.

    (The release notes for 4.9.3 do not mention any crypto changes)

  4. Anonymous Coward

    Shock Horror!

    Mature <PRODUCT> supports old ciphers now considered insecure for backwards compatibility. It also supports all the new secure ciphers. Old ciphers are now being deprecated as you should no longer use them.

    How is this a story? In this case <PRODUCT> is Citrix Receiver, but you could also easily insert Windows, Linux, BSD, Kemp, F5 or pretty much anything that uses SSL/TLS.
