Citrix ICA Encryption over a Wireless Network - Help Needed!

LukeQuake Member Posts: 579
Ladies/Gents,

I attended the Citrix CCA PS4.5 course during the tail end of last year and one of my questions was with regards to ICA SSL encryption over a wireless network.

In short I was told that this is how it works:-

Laptop
> Packets Encrypted by Wireless protocol (WEP/WPA) ----> Router
> Packets 128bit SSL encrypted over the Internet --> Citrix Servers

This would therefore mean that packets travelling between the router and the client machine (laptop in this example) were only encrypted by WEP/WPA and not the 128BIT SSL.

Can you confirm whether this would be correct? The way I always understood this was that the client would decrypt the SSL with the private key from the certificate. If this scenario were true that would mean that the router decrypts the packets and then re-encrypts them with WEP/WPA.

Thanks in advance.

Luke

Comments

  • sprkymrk Member Posts: 4,884
    Just a guess, but I think that the SSL would apply in addition to the WEP/WPA between the laptop and Access Point.

    The encryption/decryption for SSL is end-to-end.
  • LukeQuake Member Posts: 579
    This is what I initially thought but when quizzing the tutor he specifically said what I detailed above. The reason I'm asking is that it's just come up at work and I'm trying to ensure that all users are using at least WPA rather than WEP and need to explain the risks when using Citrix.
  • ajs1976 Member Posts: 1,945
    My understanding is that the ICA encryption is between the ICA client on the PC and the Presentation server.
    Andy

  • astorrs Member Posts: 3,139
    Your instructor was wrong then. :)

    With that said, Andy is correct in that ICA encryption (SecureICA) is ICA Client <-> Presentation Server (end-to-end) but it's not SSL based. It's also not recommended for use over public networks (the internet).

    Citrix support SSL (and TLS) encryption through either the Citrix SSL Relay service (free), Citrix Secure Gateway (free) or Citrix Access Gateway (hardware appliance), in which case the encryption is between the ICA client and the Presentation Servers (if they are all running SSL Relay - it's really designed for internal use as a replacement for SecureICA) or between the ICA client and the Secure Gateway/CAG.