Support for DTLS protocol

Notes:

• DTLSv1.0 protocol is supported on Citrix ADC MPX/SDX (N2 and N3 based), VPX, and MPX 14000 FIPS appliances. It is not supported on external HSMs.
• DTLS 1.0 protocol is supported on Citrix ADC appliances containing Intel Coleto SSL chips (from release 12.1 build 50.x).
• DTLSv1.2 protocol is supported on the front-end of Citrix ADC VPX appliances (from release 13.0 build 47.x).
• DTLS 1.2 protocol is supported on the front-end of Citrix ADC appliances containing Intel Coleto SSL chips (from release 13.0 build 52.x). For more information about the platforms containing Intel Coleto SSL chips, seeSupport for Intel Coleto SSL chip based platforms.
• Service groups of type DTLS are not supported.
• DTLSv1.2 protocol is supported on the front-end of Citrix ADC MPX (N3 based) appliances (from release 13.0 build 58.x).
• For information about Enlightened Data Transport (EDT) support for Citrix Gateway, seeHDX enlightened data transport support.
• There are changes made to the DTLS profile from release 13.0 build 79.x. For more information, seeDTLS profile.
• From release 13.0 build 82.x, a new parametermaxBadmacIgnorecountis introduced in the DTLS profile to ignore bad MAC records received in a DTLS session. For more information, seeDTLS profile.
• For information about the platforms and builds supported, seeCitrix ADC MPX hardware-software compatibility matrix

The SSL and TLS protocols have traditionally been used to secure streaming traffic. Both of these protocols are based on TCP, which is slow. Also, TLS cannot handle lost or reordered packets.

UDP is the preferred protocol for audio and video applications, such as Lync, Skype, iTunes, YouTube, training videos, and flash. However, UDP is not secure or reliable. The DTLS protocol is designed to secure data over UDP and is used for applications such as media streaming, VOIP, and online gaming for communication. In DTLS, each handshake message is assigned a specific sequence number within that handshake. When a peer receives a handshake message, it can quickly determine whether that message is the next one expected. If it is, the peer processes the message. If not, the message is queued for handling after all the previous messages have been received.

创建一个迪泰虚拟服务器和服务的类型UDP. By default, a DTLS profile (nsdtls_default_profile) is bound to the virtual server. Optionally, you can create and bind a user-defined DTLS profile to the virtual server.

Note: RC4 ciphers are not supported on a DTLS virtual server.

DTLS configuration

You can use the command line (CLI) or the configuration utility (GUI) to configure DTLS on your ADC appliance.

Note:From release 13.0 build 47.x, the DTLS 1.2 protocol is supported on the front end of a Citrix ADC VPX appliance. While configuring a DTLSv1.2 virtual server, specify DTLS12. Default is DTLS1.

At the command prompt, type:

set ssl vserver DTLS [-dtls1 ( ENABLED | DISABLED )] [-dtls12 ( ENABLED | DISABLED )]

Create a DTLS configuration by using the CLI

At the command prompt, type:

add lb vserver  DTLS   add service   UDP 443 bind lb vserver   

The following steps are optional:

add dtlsProfile dtls-profile -maxretryTime  set ssl vserver  -dtlsProfileName  

Create a DTLS configuration by using the GUI

1. Navigate toTraffic Management > Load Balancing > Virtual Servers.
2. Create a virtual server of type DTLS, and bind a UDP service to the virtual server.
3. A default DTLS profile is bound to the DTLS virtual server. To bind a different profile, in SSL Parameters, select a different DTLS profile. To create a profile, click the plus (+) next to DTLS Profile.

Support for SNI on a DTLS virtual server

For information about SNI, seeConfigure an SNI virtual server for secure hosting of multiple sites.

Configure SNI on a DTLS virtual server by using the CLI

At the command prompt, type:

set ssl vserver  -SNIEnable ENABLED bind ssl vserver  -certkeyName  -SNICert show ssl vserver  

Example:

set ssl vserver v1 -sniEnable ENABLED bind ssl vserver v1 -certkeyName san2 -sniCert bind ssl vserver v1 -certkeyName san13 –sniCert bind ssl vserver v1 -certkeyName san17 –sniCert 

ssl configurati sh ssl vserver v1先进on for VServer v1: DH: DISABLED DH Private-Key Exponent Size Limit: DISABLED Ephemeral RSA: ENABLED Refresh Count: 0 Session Reuse: ENABLED Timeout: 1800 seconds Cipher Redirect: DISABLED ClearText Port: 0 Client Auth: DISABLED SSL Redirect: DISABLED Non FIPS Ciphers: DISABLED SNI: ENABLED OCSP Stapling: DISABLED HSTS: DISABLED HSTS IncludeSubDomains: NO HSTS Max-Age: 0 DTLSv1: ENABLED Send Close-Notify: YES Strict Sig-Digest Check: DISABLED Zero RTT Early Data: DISABLED DHE Key Exchange With PSK: NO Tickets Per Authentication Context: 1 DTLS profile name: nsdtls_default_profile ECC Curve: P_256, P_384, P_224, P_521 1) CertKey Name: ca CA Certificate OCSPCheck: OptionalCA_Name Sent 2) CertKey Name: san2 Server Certificate for SNI 3) CertKey Name: san17 Server Certificate for SNI 4) CertKey Name: san13 Server Certificate for SNI 1) Cipher Name: DEFAULT Description: Default cipher list with encryption strength >= 128bit Done 

Configure SNI on a DTLS virtual server by using the GUI

1. Navigate toTraffic Management > Load Balancing > Virtual Servers.
2. Open a DTLS virtual server and, in Certificates, clickServer Certificate.
3. Add a certificate or select a certificate from the list and selectServer Certificate for SNI.
4. 在Advanced Settings, clickSSL Parameters.
5. SelectSNI Enable.

Features not supported by a DTLS virtual server

The following options cannot be enabled on a DTLS virtual server:

• SSLv2
• SSLv3
• TLSv1
• TLSv1.1
• TLSv1.2
• Push encrypt trigger
• SSLv2Redirect
• SSLv2URL

Parameters not used by a DTLS virtual server

A DTLS virtual server ignores the following SSL parameters, even if set:

• Encryption trigger packet count
• PUSH encryption trigger timeout
• SSL quantum size
• Encryption trigger timeout
• Subject/Issuer Name Insertion Format

Configure renegotiation on a DTLS service

Non-secure renegotiation is supported on a DTLS service. You can use the CLI or the GUI to configure this setting.

Configure renegotiation on a DTLS service by using the CLI

At the command prompt, type:

ssl参数设置-denysslreneg不安全的< !——需要Copy-->

Example:

set ssl parameter -denysslreneg NONSECURE sh ssl parameter Advanced SSL Parameters ----------------------- SSL quantum size : 8 KB Max CRL memory size : 256 MB Strict CA checks : NO Encryption trigger timeout : 100 ms Send Close-Notify : YES Encryption trigger packet count : 45 Deny SSL Renegotiation : NONSECURE Subject/Issuer Name Insertion Format : Unicode OCSP cache size : 10 MB Push flag : 0x0 (Auto) Strict Host Header check for SNI enabled SSL sessions : NO PUSH encryption trigger timeout : 1 ms Crypto Device Disable Limit : 0 Global undef action for control policies : CLIENTAUTH Global undef action for data policies : NOOP Default profile : DISABLED SSL Insert Space in Certificate Header : YES Disable TLS 1.1/1.2 for SSL_BRIDGE secure monitors : NO Disable TLS 1.1/1.2 for dynamic and VPN services : NO Software Crypto acceleration CPU Threshold : 0 Hybrid FIPS Mode : DISABLED Signature and Hash Algorithms supported by TLS1.2 : ALL SSL Interception Error Learning and Caching : DISABLED SSL Interception Maximum Error Cache Memory : 0 Bytes Done 

Configure renegotiation on a DTLS service by using the GUI

1. Navigate toTraffic Management > Load Balancing > Services.
2. Select a DTLS service and clickEdit.
3. Navigate toSSL>Advanced Settings.
4. SelectDeny SSL Renegotiation.

Features not supported by a DTLS service

The following options cannot be enabled on a DTLS service:

• SSLv2
• SSLv3
• TLSv1
• TLSv1.1
• TLSv1.2
• Push encrypt trigger
• SSLv2Redirect
• SSLv2URL
• SNI
• Secure renegotiation

Parameters not used by a DTLS service

A DTLS service ignores the following SSL parameters, even if set:

• Encryption trigger packet count
• PUSH encryption trigger timeout
• SSL quantum size
• Encryption trigger timeout
• Subject/Issuer Name Insertion Format

Note:

SSL session reuse handshake fails on a DTLS service because session reuse is not currently supported on DTLS services.

Workaround:Manually disable session reuse on a DTLS service. At the CLI, type:

set ssl service -sessReuse DISABLED

DTLS profile

A DTLS profile with the default settings is automatically bound to a DTLS virtual server. However, you can create a DTLS profile with specific settings to suit your requirement.

Use a DTLS profile with a DTLS virtual server or a VPN DTLS virtual server. You cannot use an SSL profile with a DTLS virtual server.

Note:

迪泰改变记录的最大大小设置profile based on the changes in MTU and packet size. For example, the default max record size of 1459 bytes is calculated based on an IPv4 address header size. With IPv6 records, the header size is larger and therefore the maximum record size must be reduced to meet the following criteria.

max record size + UDP header(8bytes) + IP header size < MTU

Example:

Default DTLS profile 1) Name: nsdtls_default_profile PMTU Discovery: DISABLED Max Record Size: 1459 bytes Max Retry Time: 3 sec Hello Verify Request: ENABLED Terminate Session: DISABLED Max Packet Count: 120 bytes Custom DTLS profile 1) Name: ns_dtls_profile_ipv6_1 PMTU Discovery: DISABLED Max Record Size: 1450 bytes Max Retry Time: 3 sec Hello Verify Request: ENABLED Terminate Session: DISABLED Max Packet Count: 120 bytes 

Create a DTLS profile by using the CLI

Notes:From release 13.0 build 79.x, the changes to the DTLS profile are as follows:

• Thehelloverifyrequestparameter is enabled by default. Enabling this parameter helps mitigate the risk of an attacker or bots overwhelming the network throughput, potentially leading to outbound bandwidth exhaustion. That is, it helps mitigate the DTLS DDoS amplification attack.
• ThemaxHoldQlenparameter is added. This parameter defines the number of datagrams that can be queued at the DTLS layer for processing. A high value of themaxHoldQlenparameter can cause memory buildup at the DTLS layer if UDP multiplexing is transmitting high UDP traffic. Therefore, configuring a lower value is recommended. Minimum value is 32, maximum value is 65535, and default value is 32.

From release 13.0 build 82.x, a new parametermaxBadmacIgnorecountis introduced in the DTLS profile to ignore bad MAC records received in a DTLS session. Using this parameter, bad records up to the value set in the parameter are ignored. The appliance terminates the session only after the limit is reached and sends an alert. This parameter setting is effective only when theterminateSessionparameter is enabled.

ssl dtlsProfile  -maxRetryTime  -helloVerifyRequest ( ENABLED | DISABLED ) -terminateSession (ENABLED | DISABLED ) -maxHoldQLen  -maxBadmacIgnorecount  helloVerifyRequest Send a Hello Verify request to validate the client. Possible values: ENABLED, DISABLED Default value: ENABLED terminateSession Terminate the session if the message authentication code (MAC) of the client and server do not match. Possible values: ENABLED, DISABLED Default value: DISABLED maxHoldQLen Maximum number of datagrams that can be queued at DTLS layer for processing Default value: 32 Minimum value: 32 Maximum value: 65535 maxBadmacIgnorecount Maximum number of bad MAC errors to ignore for a connection prior disconnect. Disabling parameter terminateSession terminates session immediately when bad MAC is detected in the connection. Default value: 100 Minimum value: 1 Maximum value: 65535 

Example:

> add ssl dtlsprofile dtls_profile -maxRetryTime 4 -helloVerifyRequest ENABLED -terminateSession ENABLED -maxHoldQLen 40 -maxBadmacIgnorecount 150 Done > sh dtlsprofile dtls_profile 1) Name: dtls_profile PMTU Discovery: DISABLED Max Record Size: 1459 bytes Max Retry Time: 4 sec Hello Verify Request: ENABLED Terminate Session: ENABLED Max Packet Count: 120 bytes Max HoldQ Size: 40 datagrams Max bad-MAC Ignore Count: 150 Done 

Create a DTLS profile by using the GUI

1. Navigate toSystem > Profiles > DTLS Profilesand clickAdd.

2. 在theCreate DTLS Profilepage, type values for the different parameters.

   

3. ClickCreate.

Example for an end-to-end DTLS configuration

启用SSL磅增加服务器s1 198.51.100 ns特性。2 en ns mode usnip add service svc_dtls s1 DTLS 443 add lb vserver v1 DTLS 10.102.59.244 443 bind ssl vserver v1 -ciphername ALL add ssl certkey servercert -cert servercert_aia_valid.pem -key serverkey_aia.pem bind ssl vserver v1 -certkeyname servercert bind lb vserver lb1 svc_dtls sh lb vserver v1 v1 (10.102.59.244:4433) - DTLS Type: ADDRESS State: UP Last state change was at Fri Apr 27 07:00:27 2018 Time since last state change: 0 days, 00:00:04.810 Effective State: UP Client Idle Timeout: 120 sec Down state flush: ENABLED Disable Primary Vserver On Down : DISABLED Appflow logging: ENABLED No. of Bound Services : 1 (Total) 0 (Active) Configured Method: LEASTCONNECTION Current Method: Round Robin, Reason: A new service is bound BackupMethod: ROUNDROBIN Mode: IP Persistence: NONE L2Conn: OFF Skip Persistency: None Listen Policy: NONE IcmpResponse: PASSIVE RHIstate: PASSIVE New Service Startup Request Rate: 0 PER_SECOND, Increment Interval: 0 Mac mode Retain Vlan: DISABLED DBS_LB: DISABLED Process Local: DISABLED Traffic Domain: 0 TROFS Persistence honored: ENABLED Retain Connections on Cluster: NO 1) svc_dtls (10.102.59.190: 4433) - DTLS State: UP Weight: 1 Done sh ssl vserver v1 Advanced SSL configuration for VServer v1: DH: DISABLED DH Private-Key Exponent Size Limit: DISABLED Ephemeral RSA: ENABLED Refresh Count: 0 Session Reuse: ENABLED Timeout: 1800 seconds Cipher Redirect: DISABLED ClearText Port: 0 Client Auth: DISABLED SSL Redirect: DISABLED Non FIPS Ciphers: DISABLED SNI: DISABLED OCSP Stapling: DISABLED HSTS: DISABLED HSTS IncludeSubDomains: NO HSTS Max-Age: 0 DTLSv1: ENABLED Send Close-Notify: YES Strict Sig-Digest Check: DISABLED Zero RTT Early Data: DISABLED DHE Key Exchange With PSK: NO Tickets Per Authentication Context: 1 DTLS profile name: nsdtls_default_profile ECC Curve: P_256, P_384, P_224, P_521 1) CertKey Name: servercert Server Certificate 1) Cipher Name: DEFAULT Description: Default cipher list with encryption strength >= 128bit 2) Cipher Name: ALL Description: All ciphers supported by NetScaler, excluding NULL ciphers Done sh service svc_dtls svc_dtls (10.102.59.190:4433) - DTLS State: UP Last state change was at Fri Apr 27 07:00:26 2018 Time since last state change: 0 days, 00:00:22.790 Server Name: s1 Server ID : None Monitor Threshold : 0 Max Conn: 0 Max Req: 0 Max Bandwidth: 0 kbits Use Source IP: NO Client Keepalive(CKA): NO Access Down Service: NO TCP Buffering(TCPB): NO HTTP Compression(CMP): NO Idle timeout: Client: 120 sec Server: 120 sec Client IP: DISABLED Cacheable: NO SC: OFF SP: OFF Down state flush: ENABLED Monitor Connection Close : NONE Appflow logging: ENABLED Process Local: DISABLED Traffic Domain: 0 1) Monitor Name: ping-default State: UP Weight: 1 Passive: 0 Probes: 5 Failed [Total: 0 Current: 0] Last response: Success - ICMP echo reply received. Response Time: 2.77 millisec Done sh ssl service svc_dtls Advanced SSL configuration for Back-end SSL Service svc_dtls: DH: DISABLED DH Private-Key Exponent Size Limit: DISABLED Ephemeral RSA: DISABLED Session Reuse: ENABLED Timeout: 1800 seconds Cipher Redirect: DISABLED ClearText Port: 0 Server Auth: DISABLED SSL Redirect: DISABLED Non FIPS Ciphers: DISABLED SNI: DISABLED OCSP Stapling: DISABLED DTLSv1: ENABLED Send Close-Notify: YES Strict Sig-Digest Check: DISABLED Zero RTT Early Data: ??? DHE Key Exchange With PSK: ??? Tickets Per Authentication Context: ??? DTLS profile name: nsdtls_default_profile ECC Curve: P_256, P_384, P_224, P_521 1) Cipher Name: DEFAULT_BACKEND Description: Default cipher list for Backend SSL session Done > sh dtlsProfile nsdtls_default_profile 1) Name: nsdtls_default_profile PMTU Discovery: DISABLED Max Record Size: 1459 bytes Max Retry Time: 3 sec Hello Verify Request: DISABLED Terminate Session: ENABLED Max Packet Count: 120 bytes Max HoldQ Size: 32 datagrams Max bad-MAC Ignore Count: 10 Done 

DTLS support for IPv6 address

迪泰也支持IPv6地址。但仍r, to use DTLS with IPv6 addresses the maximum record size must be adjusted in the DTLS profile.

If the default value is used for the maximum record size, the initial DTLS connection might fail. Adjust the maximum record size using a DTLS profile.

DTLS cipher support

By default, a DTLS cipher group is bound when you create a DTLS virtual server or service. DEFAULT_DTLS contains the ciphers that a front-end DTLS entity supports. This group is bound by default when you create a DTLS virtual server. DEFAULT_DTLS_BACKEND contains the ciphers that are supported to a back-end DTLS entity. This group is bound by default to a DTLS back-end service. DTLS_FIPS contains the ciphers that are supported on the Citrix ADC FIPS platform. This group is bound by default to a DTLS virtual server or service created on a FIPS platform.

DTLS cipher support on Citrix ADC VPX, MPX/SDX (N2 and N3 based) appliances

How to read the tables:

Unless a build number is specified, a cipher suite is supported for all builds in a release.

Example:

• 10.5, 11.0, 11.1, 12.0, 12.1, 13.0: All builds of 10.5, 11.0, 11.1, 12.0, 12.1, 13.0 releases.
• -NA-: not applicable.

DTLS cipher support on Citrix ADC VPX, MPX/SDX (N2 and N3 based) appliances

To view the list of default ciphers supported on the front end, at the command prompt, type:

show ssl cipher DEFAULT_DTLS 1) Cipher Name: TLS1-AES-256-CBC-SHA Priority : 1 Description: SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 HexCode=0x0035 2) Cipher Name: TLS1-AES-128-CBC-SHA Priority : 2 Description: SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 HexCode=0x002f 3) Cipher Name: TLS1-ECDHE-RSA-AES256-SHA Priority : 3 Description: SSLv3 Kx=ECC-DHE Au=RSA Enc=AES(256) Mac=SHA1 HexCode=0xc014 4) Cipher Name: TLS1-ECDHE-RSA-AES128-SHA Priority : 4 Description: SSLv3 Kx=ECC-DHE Au=RSA Enc=AES(128) Mac=SHA1 HexCode=0xc013 5) Cipher Name: TLS1-DHE-RSA-AES-256-CBC-SHA Priority : 5 Description: SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 HexCode=0x0039 6) Cipher Name: TLS1-DHE-RSA-AES-128-CBC-SHA Priority : 6 Description: SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 HexCode=0x0033 7) Cipher Name: TLS1-ECDHE-RSA-DES-CBC3-SHA Priority : 7 Description: SSLv3 Kx=ECC-DHE Au=RSA Enc=3DES(168) Mac=SHA1 HexCode=0xc012 8) Cipher Name: SSL3-DES-CBC3-SHA Priority : 8 Description: SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 HexCode=0x000a 

To view the list of default ciphers supported on the back end, at the command prompt, type:

show ssl cipher DEFAULT_DTLS_BACKEND 1) Cipher Name: TLS1-AES-256-CBC-SHA Priority : 1 Description: SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 HexCode=0x0035 2) Cipher Name: TLS1-AES-128-CBC-SHA Priority : 2 Description: SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 HexCode=0x002f 3) Cipher Name: TLS1-ECDHE-RSA-AES256-SHA Priority : 3 Description: SSLv3 Kx=ECC-DHE Au=RSA Enc=AES(256) Mac=SHA1 HexCode=0xc014 4) Cipher Name: TLS1-ECDHE-RSA-AES128-SHA Priority : 4 Description: SSLv3 Kx=ECC-DHE Au=RSA Enc=AES(128) Mac=SHA1 HexCode=0xc013 5) Cipher Name: TLS1-DHE-RSA-AES-256-CBC-SHA Priority : 5 Description: SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 HexCode=0x0039 6) Cipher Name: TLS1-DHE-RSA-AES-128-CBC-SHA Priority : 6 Description: SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 HexCode=0x0033 7) Cipher Name: TLS1-ECDHE-RSA-DES-CBC3-SHA Priority : 7 Description: SSLv3 Kx=ECC-DHE Au=RSA Enc=3DES(168) Mac=SHA1 HexCode=0xc012 8) Cipher Name: SSL3-DES-CBC3-SHA Priority : 8 Description: SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 HexCode=0x000a 

DTLS cipher support on the Citrix ADC MPX 14000 FIPS platform

Note: Enlightened Data Support (EDT) is supported on the FIPS platform if the following conditions are met:

• UDT MSS value set on StoreFront is 900.
• Windows client version is 4.12 or later.
• DTLS enabled VDA version is 7.17 or later.
• Non-DTLS VDA version is 7.15 LTSR CU3 or later.

How to read the tables:

Unless a build number is specified, a cipher suite is supported for all builds in a release.

Example:

• 10.5, 11.0, 11.1, 12.0, 12.1, 13.0: All builds of 10.5, 11.0, 11.1, 12.0, 12.1, 13.0 releases.
• -NA-: not applicable.

To view the list of default ciphers supported on a Citrix ADC FIPS appliance, at the command prompt, type:

show ssl cipher DTLS_FIPS 1) Cipher Name: TLS1-AES-256-CBC-SHA Priority : 1 Description: SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 HexCode=0x0035 2) Cipher Name: TLS1-AES-128-CBC-SHA Priority : 2 Description: SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 HexCode=0x002f 3) Cipher Name: TLS1-ECDHE-RSA-AES256-SHA Priority : 3 Description: SSLv3 Kx=ECC-DHE Au=RSA Enc=AES(256) Mac=SHA1 HexCode=0xc014 4) Cipher Name: TLS1-ECDHE-RSA-AES128-SHA Priority : 4 Description: SSLv3 Kx=ECC-DHE Au=RSA Enc=AES(128) Mac=SHA1 HexCode=0xc013 5) Cipher Name: TLS1-ECDHE-RSA-DES-CBC3-SHA Priority : 5 Description: SSLv3 Kx=ECC-DHE Au=RSA Enc=3DES(168) Mac=SHA1 HexCode=0xc012 6) Cipher Name: SSL3-DES-CBC3-SHA Priority : 6 Description: SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 HexCode=0x000a 

DTLSv1.2 cipher support on the front-end VPX appliances, MPX/SDX (Coleto and N3 based) appliances

The following table lists the additional ciphers supported for the DTLSv1.2 protocol.