Advanced Edition
Access Gateway Advanced Edition
The Access Gateway and the servers running Advanced Edition can both be required to use secure client certificates. Use the following guidelines when configuring for client certificate use:
All communications between the Secure Access Client and the Access Gateway are encrypted with SSL. The SSL protocol allows two computers to negotiate encryption ciphers to accomplish the symmetric encryption of data over a secure connection.
You can select the specific cipher that the Access Gateway uses for the symmetric data encryption on an SSL connection. Selecting a strong cipher reduces the possibility of malicious attack. The security policies of your organization may also require you to select a specific symmetric encryption cipher for secure connections.
Note: If you are using the Access Gateway to provide access to Citrix Presentation Server, ICA traffic transmitted to the Access Gateway is also encrypted using these ciphers.
You can select RC4, 3DES, or AES encryption ciphers for SSL connections. The default setting is RC4 128-bit. The MD5 or SHA hash algorithm is negotiated between the client and the server.
The Access Gateway uses RSA for public key encryption in a secure connection. The encryption ciphers and hash algorithms that you can select for symmetric encryption are listed below:
-
- RC4 128-bit, MD5/SHA
- 3DES, SHA
- AES 128/256-bit, SHA
To select an encryption type for client connections:
-
1. Click the Global Cluster Policies tab.
2. Under Select security options, in Select encryption type for client connections, select the bulk encryption cipher you want to use for secure connections. Click Submit.