Posted in : NetScaler

3 years ago

I’ve seen issues with multiple backend applications (Exchange 2013 and custom built web application) where there has been sporadic issues with content being delivered to and from the backend. In the Exchange case, emails got stuck in outbox (was able to recreate the issue by sending large attachments) and the other case where a PDF was generated on the site.
We are usually using the following ciphers:

TLS1.2-ECDHE-RSA-AES256-GCM-SHA384
TLS1.2-ECDHE-RSA-AES128-GCM-SHA256
TLS1.2-ECDHE-RSA-AES-256-SHA384
TLS1.2-ECDHE-RSA-AES-128-SHA256
TLS1-ECDHE-RSA-AES256-SHA
TLS1-ECDHE-RSA-AES128-SHA
TLS1.2-DHE-RSA-AES256-GCM-SHA384
TLS1.2-DHE-RSA-AES128-GCM-SHA256
TLS1-DHE-RSA-AES-256-CBC-SHA
TLS1-DHE-RSA-AES-128-CBC-SHA
TLS1-AES-256-CBC-SHA
TLS1-AES-128-CBC-SHA
SSL3-DES-CBC3-SHA

The issue has been resolved by removing the following four ciphers:

TLS1.2-ECDHE-RSA-AES256-GCM-SHA384
TLS1.2-ECDHE-RSA-AES128-GCM-SHA256
TLS1.2-DHE-RSA-AES256-GCM-SHA384
TLS1.2-DHE-RSA-AES128-GCM-SHA256

I’ve only seen the issue on hardware so far (nitrox 2), both MPX and SDX. I’ve created two cases for two different customers, send me an email if you need the case numbers for reference.
The issue is so far present in version 11.1 build 49.16 and build 50.10.

Tags :

Comments

Ketil Gjerde says

Hi!
Would you mind emailing me the case numbers so I can input them on my own case regarding this issue?

Simon Gottschlag says

Hi Ketil!
Sorry for the late reply. I've emailed you.

Add comment

Your comment will be revised by the site if needed.