Product Documentation

What’s new

What’s new in 4.12

Crypto kit update

This release contains two important changes to the TLS/DTLS secure communications protocols; support for DTLS Version 1.2, and deprecation of TLS/DTLS cipher suites, which do not offer forward secrecy.

DTLS version 1.2 supports the UDP transport protocol, providing the equivalent of TLS version 1.2 for the TCP transport protocol. Previous versions of Receiver for Windows already supported TLS version 1.2.

Cipher suites with the prefix TLS_RSA_ do not offer forward secrecy. These cipher suites are now generally deprecated by the industry. However, to support backward compatibility with older versions of XenApp and XenDesktop, Receiver for Windows can utilize these cipher suites.

A new Group Policy Object Administrative template has been created to allow usage of the deprecated cipher suites. In Receiver for Windows Version 4.12, this policy is enabled by default, but does not enforce deprecation of these cipher suites using the AES or 3DES algorithms by default. However, you can modify and use this policy to enforce the deprecation more strictly.

Following is the list of deprecated cipher suites:

  1. TLS_RSA_AES256_GCM_SHA384
  2. TLS_RSA_AES128_GCM_SHA256
  3. TLS_RSA_AES256_CBC_SHA256
  4. TLS_RSA_AES256_CBC_SHA
  5. TLS_RSA_AES128_CBC_SHA
  6. TLS_RSA_3DES_CBC_EDE_SHA
  7. TLS_RSA_WITH_RC4_128_MD5
  8. TLS_RSA_WITH_RC4_128_SHA

Note

The final two cipher suites use the RC4 algorithm, which is deprecated because these cipher suites are not secure. You might also consider the TLS_RSA_3DES_CBC_EDE_SHA cipher suite to be deprecated. You can use this policy to enforce all these deprecations.

For information about configuring DTLS v1.2, see Adaptive transport in XenApp and XenDesktop documentation.

For information about configuring deprecated cipher suites, see Configure deprecated cipher suites.

Battery icon notification

A battery appears in the session’s host notification area in which the client’s battery information is represented.

This feature is applicable only on VDA running on version 7.18 and later.

Fast smart card

Fast smart card improves performance when smart cards are used in high-latency WAN scenarios. Fast smart card is enabled by default on the hosts that are running Windows Server 2012, Window Server 2016, or a minimum of Windows 10. To enable fast smart card on the client side, configure the SmartCardCryptographicRedirection parameter in default.ica file.

Webcam plug and play

Applications dynamically detect a webcam being plugged in or removed on the client. Users don’t have to restart theapplication to detect these changes.