Download Citrix Receiver 4.8
Customers using Citrix Receiver are strongly recommended to upgrade to Citrix Workspace app. Customers using Citrix Receiver 4.9 for Windows LTSR may alternatively choose to upgrade to Citrix Receiver 4.9.9002 for Windows LTSR Cumulative Update 9 or later to obtain the fixes. Customers should upgrade via Auto Update, or by running the installer. Citrix Workspace app provides the full capabilities of Citrix Receiver, as well as new capabilities based on your organization’s Citrix deployment. Citrix Workspace app is built on Citrix Receiver technology, and is fully backward compatible with all Citrix solutions. Find the latest releases here.
- Citrix ADC
- Receiver
Symptoms or Error
When attempting to connect to an Application or Desktop using Citrix Receiver for Windows 4.7 or Citrix Receiver for Mac 12.5, or Receiver for Android 3.12.2/3.12.3 or Citrix Receiver for Linux 13.6, you may see these errors.
- Error “The Remote SSL peer send a handshake failure alert”
- Error “Cannot connect to the Citrix XenApp Server. SSL Error 4: The operation completed successfully” or
- Error “Cannot connect to the Citrix XenApp Server. SSL Error 47: An unclassified SSL network error occurred”
- Error “TLS handshake failure, the TLS version configured may not match the version used by the server.”
- Error “General problem”
Citrix has identified a behavior with Receiver for Windows 4.7, Receiver for Mac 12.5, Receiver for Android 3.12.2/3.12.3, and Receiver for Linux 13.6, which prevents connections via some specific NetScaler firmware versions. The following table covers the NetScaler builds which are affected.
| Release train | Affected Builds | Notes |
| 10.5 | 50.10, 51.10, 52.11 | Interoperability issue is found on all NetScaler MPX and SDX* appliances on these builds. |
| 10.5.e | 51.1017.e, 52.1115.e | |
| 10.1 | 124.13, 125.9, 126.12, 127.10, 128.8, 129.11, 129.22, 130.10, 130.11, 130.13, 131.11, 132.8, 133.9, 134.9 | |
| 10.1.e | 124.1308.e, 126.1203.e, 127.1007.e, 128.8003.e, 129.1105.e, 130.1302.e |
Citrix Products Receiver Setup
* On SDX appliances connection failure would happen when SSL chips are assigned to VPX instance(s).Note:
- No interoperability issue found with NetScaler VPX and FIPS appliances.
- All NetScaler 12.0/11.1/11.0 builds are safe from interoperability issue.
Citrix.xom/products/receiver
Solution
If you are using any of the above mentioned builds, Citrix recommends to upgrade to the latest build in each respective release. For example if you are using Netscaler 10.5 Build 50.10, you should upgrade to Netscaler 10.5 Build 65.11
| Release train | Recommended build | Release date |
| 10.5 | 65.11 | Feb 5, 2017 |
| 10.5.e | 60.7004.e | Mar 31, 2016 |
| 10.1 | 135.12 | Oct 24, 2016 |
| 10.1.e | 10.5 65.11 | Feb 5, 2017 |
show ns version
Problem Cause
The issue is due to a defect in some builds of NetScaler where SSL handshake fails if a client hello message includes an ECC extension but the NetScaler appliance does not support any of the ECDHE ciphers in the cipher list sent by the client. The handshake fails even if the list contains some non-ECDHE ciphers that are supported.
Receiver for Windows 4.7, Receiver for Mac 12.5, Receiver for Android 3.12.2/3.12.3 and Receiver for Linux 13.6 introduce these ECDHE ciphers which trigger this defect.
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 and
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Additional Resources
CTX224709 - Error: 'You have not chosen to trust '...' When Launching Applications Using Receiver Through NetScaler Gateway