Instructions below tested with Via Access 1.2 and Netscaler 11.0 63.16.
Customers using Citrix Netscaler as a loadbalancer for an IDR cluster must make the following configuration changes to the Netscaler's encryption settings in order for the solution to work properly:
- Only enable TLSv1, TLSv11, TLSv12. Disable SSLv2, SSLv3.
- Only allow the following SSL ciphers: TLS1-ECDHE-RSA-AES256-SHA and TLS1-ECDHE-RSA-AES128-SHA
- Bind all 4 ECC curves (P_256, P_384, P_224, P_521)
Below are screenshots from the Netscaler configuration (Web UI and Command Line):