Overview
There is a great post from Ferroque Systems about DTLS 1.2 for using EDT with HDX. I tried that configuration for DTLS 1.2 within SSL VPN, so that the tunnel in Citrix Secure Access runs over UDP and automatically falls back to TCP if UDP does not work. I noticed some differences in the ciphers, which is what this quick post is about.
Configuration
Connection Tests with Wireshark
During the first tests I noticed that the connection was not using UDP. I had used the two DTLS 1.2 ciphers that are recommended in the article above. But see here the Wireshark results during authentication and session initialization, Handshake Failure:
So I did some tests, adding and removing DTLS ciphers in my cipher group and checking again with Wireshark.
My result is that only these two ciphers (marked in red) work with CSA (23.8.1.11) for DTLS 1.2. The first two are the ones recommended for DTLS usage with HDX EDT for Citrix Workspace App.
Even with the latest CSA build 24.6.1.18, only these two ciphers are supported for building up a successful DTLS 1.2 connection:
Wireshark again when using these two ECDHE-RSA ciphers, connection and tunnel successful with UDP:
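To run the same check outside the Wireshark GUI, this added example (not code from the original post) classifies the DTLS records in a captured UDP payload: a plaintext handshake_failure alert versus a ServerHello carrying the negotiated cipher suite. The payloads, helper names and the suite used in them are constructed for the demo and make no claim about which ciphers the post's screenshots show.

```python
import struct

ALERTS = {0: "close_notify", 40: "handshake_failure", 70: "protocol_version"}
# A few IANA ECDHE-RSA suite IDs, only to make the output readable.
SUITES = {0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
          0xC027: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
          0xC028: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"}

def triage(datagram: bytes) -> list:
    """Summarise every DTLS record found in one UDP payload."""
    out, off = [], 0
    while off + 13 <= len(datagram):
        # Record header: type(1) version(2) epoch(2) sequence(6) length(2)
        ctype, ver, epoch = struct.unpack_from("!BHH", datagram, off)
        length = struct.unpack_from("!H", datagram, off + 11)[0]
        body = datagram[off + 13: off + 13 + length]
        off += 13 + length
        if ver not in (0xFEFF, 0xFEFD) or len(body) < length:
            out.append(("not_dtls_or_truncated", None))
            break
        if epoch != 0:  # records after ChangeCipherSpec are encrypted
            out.append(("encrypted", epoch))
        elif ctype == 21 and length == 2:  # plaintext alert: level, description
            out.append(("alert", ALERTS.get(body[1], f"alert_{body[1]}")))
        elif ctype == 22 and length >= 49 and body[0] == 2 and length >= 49 + body[46]:
            # ServerHello: 12-byte handshake header, version(2), random(32),
            # session_id length at offset 46, then the 2-byte chosen suite.
            suite = struct.unpack_from("!H", body, 47 + body[46])[0]
            out.append(("server_hello", SUITES.get(suite, f"0x{suite:04X}")))
        else:
            out.append(("other", ctype))
    return out

def record(ctype: int, epoch: int, body: bytes) -> bytes:
    """Build a constructed DTLS 1.2 record (sequence number 0) for the demo."""
    return struct.pack("!BHH", ctype, 0xFEFD, epoch) + bytes(6) + struct.pack("!H", len(body)) + body

def server_hello(suite: int) -> bytes:
    """Constructed ServerHello: zero random, empty session id, no extensions."""
    hello = struct.pack("!H", 0xFEFD) + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    n = len(hello).to_bytes(3, "big")
    return b"\x02" + n + bytes(2) + bytes(3) + n + hello

# Constructed payloads, not taken from the captures in the post.
FAILED = record(21, 0, bytes([2, 40]))  # fatal handshake_failure alert
WORKING = record(22, 0, server_hello(0xC030)) + record(23, 1, bytes(24))

if __name__ == "__main__":
    print(triage(FAILED), triage(WORKING))
```

Feed it the raw UDP payload bytes exported from a capture; an `alert`/`handshake_failure` result with no `server_hello` indicates the cipher mismatch described above.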
Summary
Just a quick post to validate: in the case of DTLS there is, unfortunately, no feature parity between Workspace App and Secure Access Client.