Ciphers available on the Citrix ADC appliances 编辑
Your Citrix ADC appliance ships with a predefined set of cipher groups. To use ciphers that are not part of the DEFAULT cipher group, you have to explicitly bind them to an SSL virtual server. You can also create a user-defined cipher group to bind to the SSL virtual server. For more information about creating a user-defined cipher group, see Configure user-defined cipher groups on the ADC appliance.
Notes
From release 13.0 build 71.x and later, TLS1.3 hardware acceleration is supported on the following platforms:
- MPX 5900
- MPX/SDX 8900
- MPX/SDX 9100
- MPX/SDX 15000
- MPX/SDX 15000-50G
- MPX/SDX 16000
- MPX/SDX 26000
- MPX/SDX 26000-50S
MPX/SDX 26000-100G
- Software-only support for the TLSv1.3 protocol is available on all other Citrix ADC MPX and SDX appliances except Citrix ADC FIPS appliances.
TLSv1.3 is only supported with the enhanced profile. To enable the enhanced profile, see Enable the enhanced profile.
To use TLS1.3, you must use a client that conforms to the RFC 8446 specification.
RC4 cipher is not included in the default cipher group on the Citrix ADC appliance. However, it is supported in the software on the N3-based appliances. RC4 encryption, including the handshake, is done in software.
Citrix recommends that you do not use this cipher because it is considered insecure and deprecated by RFC 7465.
Use the ‘show hardware’ command to identify whether your appliance has N3 chips.
sh hardware
Platform: NSMPX-22000 16*CPU+24*IX+12*E1K+2*E1K+4*CVM N3 2200100
Manufactured on: 8/19/2013
CPU: 2900MHZ
Host Id: 1006665862
Serial no: ENUK6298FT
Encoded serial no: ENUK6298FT
<!--NeedCopy-->
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论