Ciphers available on the Citrix ADC appliances 编辑

Your Citrix ADC appliance ships with a predefined set of cipher groups. To use ciphers that are not part of the DEFAULT cipher group, you have to explicitly bind them to an SSL virtual server. You can also create a user-defined cipher group to bind to the SSL virtual server. For more information about creating a user-defined cipher group, see Configure user-defined cipher groups on the ADC appliance.

Notes

• From release 13.0 build 71.x and later, TLS1.3 hardware acceleration is supported on the following platforms:

  • MPX 5900
  • MPX/SDX 8900
  • MPX/SDX 9100
  • MPX/SDX 15000
  • MPX/SDX 15000-50G
  • MPX/SDX 16000
  • MPX/SDX 26000
  • MPX/SDX 26000-50S

  • MPX/SDX 26000-100G

  • Software-only support for the TLSv1.3 protocol is available on all other Citrix ADC MPX and SDX appliances except Citrix ADC FIPS appliances.

• TLSv1.3 is only supported with the enhanced profile. To enable the enhanced profile, see Enable the enhanced profile.

• To use TLS1.3, you must use a client that conforms to the RFC 8446 specification.

• RC4 cipher is not included in the default cipher group on the Citrix ADC appliance. However, it is supported in the software on the N3-based appliances. RC4 encryption, including the handshake, is done in software.

• Citrix recommends that you do not use this cipher because it is considered insecure and deprecated by RFC 7465.

• Use the ‘show hardware’ command to identify whether your appliance has N3 chips.

sh hardware

Platform: NSMPX-22000 16*CPU+24*IX+12*E1K+2*E1K+4*CVM N3 2200100

Manufactured on: 8/19/2013

CPU: 2900MHZ

Host Id: 1006665862

Serial no: ENUK6298FT

Encoded serial no: ENUK6298FT
<!--NeedCopy-->