Server certificate support matrix on the ADC appliance

From release 13.0 build 41.x, the ADC appliance supports server certificate messages that are fragmented into more than one record if the total size is within 32 KB. Earlier, the maximum supported size was 16 KB and fragmentation was not supported.
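The following added example (not Citrix code) estimates how large a server's certificate message is and whether it stays within the limits stated above. It assumes TLS 1.2 framing of the Certificate message, that "16 KB" and "32 KB" mean 16384 and 32768 bytes, and that the limit applies to the whole handshake message; the function names and the sample bundles are constructed for illustration.

```python
import base64
import re

TLS_MAX_FRAGMENT = 2 ** 14   # TLS record plaintext limit (RFC 5246, section 6.2.1)
LIMIT_OLD = 16 * 1024        # assumption: the page's "16 KB" is 16384 bytes
LIMIT_NEW = 32 * 1024        # assumption: the page's "32 KB" is 32768 bytes
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_certs_from_pem(pem_text):
    """Return the DER bytes of each certificate in a PEM bundle, in order."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_RE.findall(pem_text)]

def certificate_message_size(der_certs):
    """Bytes in a TLS 1.2 Certificate handshake message for this chain."""
    # 4-byte handshake header + 3-byte certificate_list length, then a
    # 3-byte length prefix in front of every DER-encoded certificate.
    return 4 + 3 + sum(3 + len(der) for der in der_certs)

def assess_chain(pem_text):
    """Compare a server's chain with the limits stated on this page."""
    size = certificate_message_size(der_certs_from_pem(pem_text))
    return {
        "size": size,
        # Fewest records the message can occupy; a server may use more.
        "min_records": -(-size // TLS_MAX_FRAGMENT),
        "fits_before_13_0_41": size <= LIMIT_OLD,   # single record, no fragments
        "fits_from_13_0_41": size <= LIMIT_NEW,
    }

def constructed_bundle(count, der_len):
    """Constructed sample: placeholder blobs in PEM armor, not real certificates."""
    pem = base64.encodebytes(bytes(der_len)).decode()
    block = f"-----BEGIN CERTIFICATE-----\n{pem}-----END CERTIFICATE-----\n"
    return block * count

if __name__ == "__main__":
    for label, count, der_len in [("small", 3, 1500), ("medium", 5, 4000),
                                  ("large", 9, 4000)]:
        print(label, assess_chain(constructed_bundle(count, der_len)))
```

Pass the text of the PEM bundle that the back-end server presents (leaf plus intermediates) to `assess_chain` to see which side of the limits it falls on.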

The Citrix ADC appliance supports the following server certificates.

Table 1: Support on front-end (FE) and back-end (BE) service

| Server certificate/Platform | MPX/SDX (N2 CHIPS) FE | MPX/SDX (N2 CHIPS) BE | MPX/SDX (N3 CHIPS) FE | MPX/SDX (N3 CHIPS) BE | VPX FE | VPX BE |
|---|---|---|---|---|---|---|
| MD5 | Y | Y | Y | Y | Y | Y |
| SHA1 | Y | Y | Y | Y | Y | Y |
| SHA224 | Y | Y | Y | Y | Y | Y |
| SHA256 | Y | Y | Y | Y | Y | Y |
| SHA384 | Y | Y | Y | Y | Y | Y |
| SHA512 | Y | Y | Y | Y | Y | Y |
| RSA Key | 1024, 2048, 3072, and 4096 bits | 1024, 2048, 3072, and 4096 bits | 1024, 2048, 3072, and 4096 bits | 1024, 2048, 3072, and 4096 bits | 1024, 2048, 3072, and 4096 bits | 1024, 2048, 3072, and 4096 bits |
| DH Key | 1024 bits and 2048 bits | 1024 bits and 2048 bits | 1024 bits and 2048 bits | 1024 bits and 2048 bits | 1024, 2048, 3072, and 4096 bits | 1024, 2048, 3072, and 4096 bits |

| Server certificate/Platform | MPX 9700/10500/12500/15500 FIPS with FW 2.2 FE | MPX 9700/10500/12500/15500 FIPS with FW 2.2 BE | MPX/SDX 14030/14060/14080 FIPS FE | MPX/SDX 14030/14060/14080 FIPS BE |
|---|---|---|---|---|
| MD5 | Y | Y | Y | Y |
| SHA1 | Y | Y | Y | Y |
| SHA224 | Y | Y | Y | Y |
| SHA256 | Y | Y | Y | Y |
| SHA384 | Y | Y | Y | Y |
| SHA512 | Y | Y | Y | Y |
| RSA Key | 2048 bits | 2048 bits | 2048 bits and 3072 bits | 2048 bits and 3072 bits |
| DH Key | N | N | N | N |

Notes

  • 4k certificates require more CPU cycles and might affect the performance of low-end appliances.
  • In release 11.1 and earlier, a Citrix ADC appliance supports the following “signature algorithms” extensions in the back-end client hello message: RSA-MD5, RSA-SHA1, and RSA-SHA256. The appliance does not support the SHA384 and SHA512 signature algorithms extensions, so some servers, such as Windows IIS servers, reset the connection.
  • Starting with release 12.0, a Citrix ADC appliance supports all the signature_algorithms extensions.