I know if we leave full RC5 encryption there is no way to get user information from those packets, but my Citrix team asked about using "
Based on the description this setting is still going to keep us from getting the user identification, but I wanted to check with other parties to see if my assumption is correct.
Answer by Wojciech K. ·
Logon only RC5 encryption will still render the session impossible to decode. This is caused by the fact, that the session data is also compressed and compression comes after encryption. When the initial (logon) session stage will be encrypted with RC5 we will lose part of the decompression history and will be unable to perform any further decoding.
In theory this should be possible with compression disabled, but I believe that currently the decode will still stop session decoding at the moment RC5 is activated (since compression is almost always enabled).
However as far as I know, Citrix doesn't recommend using RC5 encryption as it is highly vulnerable to man-in-the-middle attacks and recommends using SSL instead.
Correlate citrix sessions 4 Answers