Configure deprecated cipher suites


When you upgrade or install Citrix Receiver for Windows for the first time, you must add the latest template files to the local GPO. For more information about adding template files to the local GPO, see Configuring the Group Policy Object administrative template. In case of an upgrade, the existing settings are retained when the latest files are imported.

  1. Open the Citrix Receiver GPO administrative template by running gpedit.msc
  2. Under the Computer Configuration node, go to Administrative Template > Citrix Component > Citrix Receiver > Network Routing.
  3. Select the Deprecated cipher suites policy.
  4. Select Enabled and choose from the following options:
    1. TLS_RSA_*: By default, TLS_RSA_* is selected. This option must be selected for you to use the other two cipher suites. The following ciphers suites are included when you select this option:
      1. TLS_RSA_AES256_GCM_SHA384
      2. TLS_RSA_AES128_GCM_SHA256
      3. TLS_RSA_AES256_CBC_SHA256
      4. TLS_RSA_AES256_CBC_SHA
      5. TLS_RSA_AES128_CBC_SHA
    2. TLS_RSA_WITH_RC4_128_MD5 : Select this option to use the RC4-MD5 cipher suite.
    3. TLS_RSA_WITH_RC4_128_SHA: Select this option to use the RC4_128_SHA cipher suite.
  5. Click Apply and OK.
  6. Run gpupdate /force for the changes to take effect.

The following table lists the cipher suites in each set:

localized image

Configure deprecated cipher suites