Download Citrix Workspace App For Mac

Information

Applicable Products

Citrix Workspace App 1904 for Windows and later. Also for Citrix Workspace App 1910 and later.
Note:

/ Downloads / Citrix Workspace App / Earlier Versions of Workspace app for Mac / Citrix Workspace app 2009 for Mac. On a Mac computer, the.dmg file appears in the Mac Downloads folder. Click the folder and then select the CitrixWorkspaceApp.dmg file. When prompted, open Install Citrix Workspace. Click Continue and follow the instructions provided by the Citrix Workspace Installer. Once installed, continue with Using Citrix to access applications from your Mac. Workspace forWebusing browsers StoreFront Servicessite (native) StoreFront XenApp Servicessite (native) Citrix Gatewayto Workspace forWeb (browser) Citrix Gatewayto StoreFront Servicessite (native) Anonymous Yes Yes Domain Yes Yes Yes. Yes. Domain pass-through Security token Yes. Yes. ©1999-2019CitrixSystems,Inc.Allrightsreserved. 3pp 1808 for Mac Clear fecti O se ciTR!x & Services Sign / App Earlier Citrix for Find Downloads Citrix Workspace App Search Downloads Support Resources Product Documentation Knowledge Center Support Forums e Release Date: Aug 6.2018 Compatible with Mac OS 10.11, 1012.1013 oownload Citrix workspace app for Mac MB. version: 1880 (180B) Checksums.

Citrix has deprecated weak cryptography across the board. If the configurations on the backend is not updated to support one of the 3 supported strong cipher suites, you will not be able to connect.
At least one of these is required:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
UpdateTLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)


Objective

This feature is an important change to the secure communication protocol. Cipher suites with the prefix TLS_RSA_ do not offer forward secrecy and are considered weak. These cipher suites were deprecated in Citrix Receiver version 13.10 with an option for backward compatibility.

In this release, the TLS_RSA_ cipher suites have been removed entirely. Instead, this release supports the advanced TLS_ECDHE_RSA_ cipher suites. If your environment is not configured with the TLS_ECDHE_RSA_ cipher suites, client launches are not supported due to weak ciphers.

This document aims to detail the changes to the cipher suites.

What’s New?

The following advanced cipher suites are supported:

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)

In earlier releases, the GPO configuration that was available under the below Computer Configuration node which allowed to enable the deprecated cipher suites has been removed now.

Administrative Template > Citrix Component > Citrix Workspace > Network Routing > Deprecated Cipher Suites
The following cipher matrix provides the ciphers supported by the latest SSL SDK:

Expected failure scenarios and edge cases

  • TCP

    • OPEN mode: Session launch is not supported when the client is configured for GOV and the VDA for COM. This happens because a common cipher suite is absent.

    • FIPS/NIST(SP800-52) compliance mode: Session launch is not supported when the VDA is configured for COM the client for COM, GOV, or ANY, or the other way around. This happens because a common cipher suite is absent.
  • DTLS v1.0 supports the following cipher suites:
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_EMPTY_RENEGOTIATION_INFO_SCSV
  • DTLS v1.2 supports the following cipher suites:
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    • TLS_EMPTY_RENEGOTIATION_INFO_SCSV
  • Therefore, session launch is not supported from a client configured for GOV to a VDA configured for COM. Also, fallback to TCP is not supported. When you use DTLS v1.0, session launch is not supported for clients configured for GOV because a common cipher suite is absent.
Mac.
  • DTLS does not support FIPS/NIST compliance modes.
  • DTLS v1.2 is supported by Windows 10 (1607 and later) and Windows 2016 VDAs. For more information, see Knowledge Center article https://support.citrix.com/article/CTX230010.
  • DTLS v1.2 is not supported by Citrix Gateway. This scenario can be tested only with DTLS v1.0. For Citrix Gateway ciphers troubleshooting, see Knowledge Center article https://support.citrix.com/article/CTX235509.

The following matrices provide details of internal and external network connections:
  • Matrix for internal network connections (Citrix Gateway scenario)

  • Matrix for external network connections (Citrix Gateway scenario)

Note: When NetScaler Gateway is used

  1. For the EDT to work, NetScaler Gateway must be of version 12.1 or higher since the older versions doesn't support ECDHE cipher suites in DTLS mode.

  2. NetScaler Gateway doesn't support DTLS 1.2 so TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 are not supported and NetScaler Gateway must be configured to use TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA for it to work in DTLS 1.0

Applicable Products

  • Citrix Workspace App
  • Citrix Receiver

Symptoms or Error

Citrix Workspace App and Citrix Receiver cannot launch applications automatically with Safari version 12.


Solution

SERVER SIDE CHANGES
For StoreFront deployments, modify web.config under the Receiver for Web (RfWeb) site (typically C:inetpubwwwrootCitrixStoreWeb) to activate the Citrix Receiver Launcher / Citrix Workspace App Launcher for Safari 12 and later.

1. Open web.config using your preferred text editor and locate the line : <protocolHandler enabled='true' platforms='(Macintosh|Windows NT).*((Firefox/((5[2-9]|[6789][0-9])|ddd))|(Chrome/((4[2-9]|[56789][0-9])|ddd)))' skipDoubleHopCheckWhenDisabled='false' />
2. The value of the platforms attribute is a regular expression specifying the browsers that Citrix Receiver Launcher is used for client detection and HDX launches. Change the regular expression to:

'(Macintosh|Windows NT).*((Firefox/((5[2-9]|[6789][0-9])|ddd))|(Chrome/((4[2-9]|[56789][0-9])|ddd)))|Macintosh.*Version/(1[2-9]|[2-9][0-9]).*Safari/'

3. This will add Safari 12 and later to the list of browsers that Citrix Receiver Launcher will be used.
CLIENT SIDE CHANGES

On a Mac Station running Safari 12 perform the following actions:

  • Launch Safari 12 Browser and select Safari from the Menu on top > go to Preferences and select it

  • In preferences > Select Advanced tab > check Checkbox 'Show Develop Menu in Menu Bar' (Located at the very bottom). This option will enable the Develop tab in Safari top menu

  • Close the preferences window by selecting the red circle on the top left corner
  • Go back to Safari Menu and select > Clear History

  • Then go to Safari Menu and select the Develop Tab > Empty Caches
App
  • Close All safari windows after this. Make sure no Safari Windows are left open.
  • Test using Safari 12 and browse to Storefront’s receiver for website URL.

CLIENT DETECTION BEHAVIOR ON SAFARI 12
  • Go to https://StorefrontURL/Citrix/StoreNameWeb
  • The first thing a user should see when testing going internally to Storefront’s Website is to detect Receiver/Workspace App. Please select “Detect Receiver/Workspace App”. Image below shows test using receiver.

  • The following window prompt will appear “Do you want to allow this page to open Citrix Receiver Launcher?' please select “Allow”

  • Once “Allow” is selected, no Manual interaction will be required by user. Site will automatically load to go to either “Logon Page when using explicit authentication” or it would “take you to your Apps enumeration” if SSO (Single Sign On) is enabled.
  • Once user is logged in, when trying to launch an application or desktop the following prompt will show for user to select 'Allow'

Download Citrix Workspace App 1911 For Mac



ADDITIONAL CONSIDERATIONS
  • When users are connecting internally and Storefront server is using an Internal SSL cert. Mac stations must have the CA Root and or Intermediate Certificate added to their Keychain Store in the Mac. Additionally, SSL certIFICATE must be set to Always trust / Allow. See example below:

Note: You should clear browser cache and history before the changes mentioned in this article can take effect.

Problem Cause

Download Citrix Receiver For Mac

Additional Resources

You can now use the Application probing feature to proactively monitor the health of applications enabling you to fix issues before the user actually experiences them. For more information refer to Citrix Documentation - Application probing.

Citrix Blogs - NPAPI support is being removed from Safari 12

DownloadWorkspace

Disclaimer

This software application is provided to you as is with no representations, warranties or conditions of any kind. You may use and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that: (a) the software application may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the software application fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the software application. In no event should the software application be used to support ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SOFTWARE APPLICATION, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the software application.