Product Documentation

Citrix Receiver and Plug-in Security

Sep 15, 2015

Users can work with applications running on XenApp servers when the Receiver or the online plug-in is installed on their user devices. Users can access applications from virtually any type of user device over many types of network connections, including LAN, WAN, dial-up, virtual private network (VPN) and direct asynchronous connections. Because the applications are not downloaded to user devices (as is the case with the more traditional network architecture), application performance is not limited by bandwidth or device performance.

The Receiver is available for Windows, Windows CE, Macintosh, Linux, Solaris, Android, Blackberry, and iOS operating systems, as well as the Java Runtime Environment. Additionally, you can use the online plug-in Web with web browsers that support ActiveX controls or Netscape plug-ins.

Receiver for Windows and the online plug-in use cryptographic modules provided by the operating system. Other plug-ins, including Receiver for Java, contain their own cryptographic modules. Receiver for Java can, therefore, be used on older Windows operating systems that do not support strong encryption.

The Standards Summary table lists the latest versions of the Receiver available on various platforms and indicates whether each plug-in is FIPS 140 compliant, supports TLS, uses 3DES or AES government ciphersuites, supports certificate revocation checking, includes smart card support, or supports Kerberos authentication.

Standards Summary

For a list of the security standards relevant to the Receiver and the online plug-in, see http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-receiver-feature-matrix.pdf.

Root Certificate Source

The table below shows the root certificate source for each version of the Receiver or online plug-in.

Plug-in type Root certificate source
Receiver for Windows 3.0 operating system certificate store
Receiver for Windows CE for Windows-Based Terminals 11.02 operating system certificate store
Receiver for Windows CE for Handheld and Pocket PCs 11.02 operating system certificate store
Receiver for Macintosh 11.3 operating system certificate store
Receiver for Linux 12.1 bundled with the plug-in
Receiver for Sun Solaris 8.63 bundled with the plug-in
Receiver for Java 10.1

Java keystore (Java 1.4.x)

Java keystore or operating system certificate store (Java 1.5.x or later)

Receiver for Android 2.1 Android keystore
Receiver for BlackBerry 2.1 operating system certificate store
Receiver for Playbook 1.0 bundled with the plug-in
Receiver for iOS 4.2.3
online plug-in 12.1 operating system certificate store
online plug-in Web 12.1 operating system certificate store