Posted in : NetScaler
3 years ago
I’ve seen issues with multiple backend applications (Exchange 2013 and custom built web application) where there has been sporadic issues with content being delivered to and from the backend. In the Exchange case, emails got stuck in outbox (was able to recreate the issue by sending large attachments) and the other case where a PDF was generated on the site.
We are usually using the following ciphers:
TLS1.2-ECDHE-RSA-AES256-GCM-SHA384 TLS1.2-ECDHE-RSA-AES128-GCM-SHA256 TLS1.2-ECDHE-RSA-AES-256-SHA384 TLS1.2-ECDHE-RSA-AES-128-SHA256 TLS1-ECDHE-RSA-AES256-SHA TLS1-ECDHE-RSA-AES128-SHA TLS1.2-DHE-RSA-AES256-GCM-SHA384 TLS1.2-DHE-RSA-AES128-GCM-SHA256 TLS1-DHE-RSA-AES-256-CBC-SHA TLS1-DHE-RSA-AES-128-CBC-SHA TLS1-AES-256-CBC-SHA TLS1-AES-128-CBC-SHA SSL3-DES-CBC3-SHA
The issue has been resolved by removing the following four ciphers:
TLS1.2-ECDHE-RSA-AES256-GCM-SHA384 TLS1.2-ECDHE-RSA-AES128-GCM-SHA256 TLS1.2-DHE-RSA-AES256-GCM-SHA384 TLS1.2-DHE-RSA-AES128-GCM-SHA256
I’ve only seen the issue on hardware so far (nitrox 2), both MPX and SDX. I’ve created two cases for two different customers, send me an email if you need the case numbers for reference.
The issue is so far present in version 11.1 build 49.16 and build 50.10.