Whitehat's Citrix team has identified an important issue with web browser Google Chrome and Citrix’s legacy Access Gateway appliance.
Citrix’s legacy Access Gateway appliance, which reached end of life September 30, 2014 (see table below), but which a number of operations still have in place, does not work with updated Chrome ciphers, rendering the popular browser ineffective in environments still using Access Gateway. Chrome’s new ciphers, which were put in place to replace the compromised RC4 cipher, cannot be disabled.
Users seeing the alert “This site can’t provide a secure connection” are encountering the cipher incompatibility.
Because the old Access Gateway uses the RC4 cipher and cannot be upgraded to more current ciphers, it has become a security risk, it should be removed from your environment regardless of Chrome compatibility. At this juncture, the only solution for the Access Gateway/Chrome incompatibility is to abandon Access Gateway in favor of its direct replacement NetScaler Gateway, the most current version of this Citrix appliance provides load balancing and a secure delivery network for XenApp, XenDesktop and XenMobile environments.
NOTE: You should also be aware that Microsoft is in the process of updating its Internet Explorer browser, too, to eliminate the use of RC4, and so its compatibility with Access Gateway will be short-lived, as well.
Whitehat is happy to assist you with the transition to Netscaler Gateway. Give us a call and we’ll help you enable your users to use their favorite browser once again.