Upgrading to latest Receiver or Citrix Workspace App
To ensure successful connection to Citrix Workspace from user endpoint devices, the version of Citrix Receiver installed must be equal to or greater than the versions listed below that support TLS 1.2.
Beginning August 2018, Citrix Receiver will be replaced by Citrix Workspace app. While you can still download older versions of Citrix Receiver, new features and enhancements will be released for Citrix Workspace app. Citrix Workspace app is a new client from Citrix that works similarly to Citrix Receiver and is fully backward-compatible with. The drilldown provides additional information like Session Reliability or Auto Client Reconnect, time stamps, Endpoint IP, and Endpoint Name of the machine where the Workspace app is installed. This feature is available for Citrix Workspace app for Windows, Citrix Workspace app for Mac, Citrix Receiver for Windows, and Citrix Receiver for Mac.
Applicable Products
- Citrix ADC
- Receiver
Symptoms or Error
When attempting to connect to an Application or Desktop using Citrix Receiver for Windows 4.7 or Citrix Receiver for Mac 12.5, or Receiver for Android 3.12.2/3.12.3 or Citrix Receiver for Linux 13.6, you may see these errors.
- Error “The Remote SSL peer send a handshake failure alert”
- Error “Cannot connect to the Citrix XenApp Server. SSL Error 4: The operation completed successfully” or
- Error “Cannot connect to the Citrix XenApp Server. SSL Error 47: An unclassified SSL network error occurred”
- Error “TLS handshake failure, the TLS version configured may not match the version used by the server.”
- Error “General problem”
Citrix has identified a behavior with Receiver for Windows 4.7, Receiver for Mac 12.5, Receiver for Android 3.12.2/3.12.3, and Receiver for Linux 13.6, which prevents connections via some specific NetScaler firmware versions. The following table covers the NetScaler builds which are affected.
Release train | Affected Builds | Notes |
10.5 | 50.10, 51.10, 52.11 | Interoperability issue is found on all NetScaler MPX and SDX* appliances on these builds. |
10.5.e | 51.1017.e, 52.1115.e | |
10.1 | 124.13, 125.9, 126.12, 127.10, 128.8, 129.11, 129.22, 130.10, 130.11, 130.13, 131.11, 132.8, 133.9, 134.9 | |
10.1.e | 124.1308.e, 126.1203.e, 127.1007.e, 128.8003.e, 129.1105.e, 130.1302.e | |
Note:
- No interoperability issue was found with NetScaler VPX and FIPS appliances.
- All NetScaler 12.0/11.1/11.0 builds are not affected by this interoperability issue.
Solution
If you are using any of the builds listed above, Citrix recommends upgrading to the latest build in the respective release. For example, if you are using NetScaler 10.5 Build 50.10, you should upgrade to NetScaler 10.5 Build 65.11.
Release train | Recommended build | Release date |
10.5 | 65.11 | Feb 5, 2017 |
10.5.e | 60.7004.e | Mar 31, 2016 |
10.1 | 135.12 | Oct 24, 2016 |
10.1.e | 10.5 65.11 | Feb 5, 2017 |
Problem Cause
The issue is due to a defect in some builds of NetScaler where SSL handshake fails if a client hello message includes an ECC extension but the NetScaler appliance does not support any of the ECDHE ciphers in the cipher list sent by the client. The handshake fails even if the list contains some non-ECDHE ciphers that are supported.
Receiver for Windows 4.7, Receiver for Mac 12.5, Receiver for Android 3.12.2/3.12.3 and Receiver for Linux 13.6 introduce the following ECDHE ciphers, which trigger this defect:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
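The failure condition described above can be checked against a captured ClientHello. The following Python is an added example, not Citrix code: it parses the record, extracts the offered cipher suites and extension types, and reports whether a server limited to a given cipher list meets the condition while a non-ECDHE suite is still shared. The cipher-suite table is a small subset, and the sample hello builder and server cipher lists are constructed for illustration.

```python
import struct

# Constructed subset of IANA cipher-suite IDs; suites not listed are not classified.
SUITES = {
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC028: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
}
EXT_SUPPORTED_GROUPS = 10  # the "ECC extension" (elliptic_curves / supported_groups)

def parse_client_hello(record):
    """Return (cipher_suite_ids, extension_types) from a raw TLS ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32                  # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                # skip session_id
    (n,) = struct.unpack_from("!H", record, pos)
    suites = list(struct.unpack_from("!%dH" % (n // 2), record, pos + 2))
    pos += 2 + n
    pos += 1 + record[pos]                # skip compression methods
    exts = []
    if pos < len(record):                 # the extensions block is optional
        (total,) = struct.unpack_from("!H", record, pos)
        pos, end = pos + 2, pos + 2 + total
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            exts.append(ext_type)
            pos += 4 + ext_len
    return suites, exts

def triggers_defect(record, server_suites):
    """True when a handshake that should succeed meets the failure condition above."""
    suites, exts = parse_client_hello(record)
    ecdhe = {s for s in suites if SUITES.get(s, "").startswith("TLS_ECDHE_")}
    usable = set(suites) & set(server_suites)      # what a correct server could pick
    return (EXT_SUPPORTED_GROUPS in exts
            and not (ecdhe & set(server_suites)) and bool(usable))

def build_sample_hello(suites, with_ecc):
    """Constructed ClientHello (TLS 1.2, zero random, empty session id)."""
    ext = struct.pack("!HHHH", EXT_SUPPORTED_GROUPS, 4, 2, 23) if with_ecc else b""
    body = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", 2 * len(suites))
            + struct.pack("!%dH" % len(suites), *suites)
            + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```
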
Additional Resources
CTX224709 - Error: 'You have not chosen to trust '...' When Launching Applications Using Receiver Through NetScaler Gateway
- Citrix Virtual Apps and Desktops
Objective
Upgrading to latest Receiver or Citrix Workspace App
Retrieving a list of users connecting on older Receiver versions
Citrix Cloud Management
Citrix Director
Citrix Cloud Connector
Troubleshooting
Refer to the following article to configure Citrix Gateway for Citrix Endpoint Management:
Citrix Endpoint Management TLS Version Deprecation
Instructions
Upgrading to latest Receiver or Citrix Workspace App
To ensure successful connection to Citrix Workspace from user endpoint devices, the version of Citrix Receiver installed must be equal to or greater than the versions listed below that support TLS 1.2.
Receiver | Version |
Windows | 4.2.1000 |
Mac | 12.0 |
Linux | 13.2 |
Android | 3.7 |
iOS | 7.0 |
Chrome/HTML5 | Latest (Browser must support TLS 1.2) |
Citrix recommends upgrading to Citrix Workspace app if your version of Receiver is earlier than those listed above. Download here: https://www.citrix.com/products/receiver.html
Thin Clients with Earlier Receiver Versions
If you are using Thin Clients with earlier versions of Citrix Receiver that cannot be updated, install an on-prem StoreFront in your resource location and have all of the Citrix Receivers point to it.
Retrieving a list of users connecting on older Receiver versions
To retrieve a list of Receivers connecting to your Citrix Cloud environment, log in to Citrix Cloud and click the Manage button for the Virtual Apps and Desktops service. The details include user, version, connection date, and endpoint device name.
Virtual Apps and Desktops (Full Edition)
Click Monitor > Trends > Custom Reports > Create Reports.
Select OData Query, provide a report name, and copy/paste the following query (change date range as needed).
Click Save, and then Execute to open the list in Excel.
Sessions?$filter = StartDate ge datetime'2019-02-01' and StartDate le datetime'2019-03-31'&$select = CurrentConnection/ClientVersion,CurrentConnection/ClientName,User/UserName,StartDate&$expand = CurrentConnection,User
Click Monitor, and then select a catalog.
Click Export to open the list in Excel.
Citrix Cloud Management
To ensure successful connection to the Citrix Cloud management console (citrix.cloud.com), your browser must support TLS 1.2 (latest version of most web browsers).
Citrix Director
A TLS 1.2 connection will be required when using OData APIs. To enforce use of TLS 1.2 on the client machine for clients such as MS Excel, PowerShell, and LinqPad, refer to the following KB article: https://support.citrix.com/article/CTX245765
Citrix Cloud Connector
All connections to Citrix Cloud services from Citrix Cloud Connectors will require TLS 1.2. Citrix Provisioning and Machine Creation Services will allow TLS 1.0, 1.1, and TLS 1.2 connections by default (no action required) until later this year when it will change to TLS 1.2 only.
Note: If your security policy requires strict enforcement of TLS 1.2 connections, the following registry setting changes are required on each Citrix Cloud Connector.
.NET
SCHANNEL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
For more details, refer to the Microsoft article “Transport Layer Security (TLS) best practices with the .NET Framework”, section “SystemDefaultTlsVersions” https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#systemdefaulttlsversion
Troubleshooting
Since Citrix Cloud supports only TLS 1.2 and above, all clients accessing any data from Citrix Services with TLS versions 1.0 and 1.1 will see one of the following errors:
Director
Error:
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
Refer to the following article to configure clients for TLS 1.2 communication:
https://support.citrix.com/article/CTX245765
Receiver
Error:
'Unable to launch your app....Cannot connect to the Citrix XenApp server. SSL Error 4... The server rejected the connection.'
Refer to Upgrading to latest Receiver or Citrix Workspace app above.
Connector
If your Citrix Cloud Connector machine is not able to establish a connection with Citrix Cloud after Mar 15, 2019, check the following registry key to ensure TLS 1.2 is not disabled:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
More details:
https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings
https://docs.microsoft.com/en-us/windows/desktop/secauthn/protocols-in-tls-ssl--schannel-ssp-
Note: Internet Explorer group policy settings also control the values found in the SCHANNEL registry key; Internet Explorer > Internet Properties can be used to check enabled/disabled protocols.
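To check a Cloud Connector against the strict SCHANNEL settings listed under Citrix Cloud Connector, and to confirm that TLS 1.2 is not disabled as the Connector troubleshooting step asks, the exported registry text can be audited offline. The following Python is an added example, not Citrix or Microsoft code; it assumes the input is the text of a .reg export of the SCHANNEL Protocols key, and the sample export is constructed.

```python
import re

BASE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols"
LEGACY = ("SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1")

def parse_reg(text):
    """Map each [key] in .reg export text to its {value name: dword} pairs."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})   # key names are case-insensitive
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if m:
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def audit(text):
    """Return findings where the export deviates from the TLS 1.2-only settings."""
    keys, findings = parse_reg(text), []
    for proto in LEGACY + ("TLS 1.2",):
        want_enabled = 1 if proto == "TLS 1.2" else 0
        for role in ("Client", "Server"):
            vals = keys.get(f"{BASE}\\{proto}\\{role}".upper())
            if vals is None:
                if proto != "TLS 1.2":    # absent key means OS default, not an explicit disable
                    findings.append(f"{proto} {role}: not explicitly disabled")
                continue
            if vals.get("enabled") != want_enabled:
                findings.append(f"{proto} {role}: Enabled should be {want_enabled}")
            if vals.get("disabledbydefault") != 1 - want_enabled:
                findings.append(f"{proto} {role}: DisabledByDefault should be {1 - want_enabled}")
    return findings

# Constructed sample export: TLS 1.0 client left enabled, TLS 1.2 server disabled.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00",
    f"[{BASE}\\TLS 1.0\\Client]", '"Enabled"=dword:00000001', '"DisabledByDefault"=dword:00000000',
    f"[{BASE}\\TLS 1.2\\Server]", '"Enabled"=dword:00000000', '"DisabledByDefault"=dword:00000001',
])
```

Files written by reg export are UTF-16 encoded, so read them with encoding="utf-16" before passing the text to audit().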