in NetScaler, NetScaler Gateway, Security |

Citrix Netscaler and SSL 3 “Poodle” vulnerability

Citrix just released a security advisory article regarding the SSL “poodle” vulnerability and how we can disable SSL 3.0 protocol on the Netscaler -> http://support.citrix.com/article/ctx200238

The article shows how we can disable SSL on vServers and on NSIP, MIP and SNIPs.

SSL Profiles

It is also possible to use SSL profiles, this allows us to create profiles for front-end services (vServers) and for backend services (services to the servers)

SSL profiles can be created under System –> Profiles –> SSL Profiles –> Create new

From within here we can choose what protocols we want to have enabled. Note that Citrix Receiver only supports TLS1 and not version 1.1 and 1.2 (which also cannot be used on a VPX)

ssl

After we have created an SSL profile we can bind it to a vServer.image3

Happy profiling!

 

 

Marius is an Senior architect playing around with many products, but with a primary focus on Citrix Netscaler and the Microsoft stack. He works for VAD (Value Add) distributor in norway called Commaxx @msandbu MVP | CCI | MCT | VCI | Dell Rockstar | Evangelist | Author | Speaker | Blogger |

Published

Updated

What do you think?

Comment

  1. Cool marius! Really like the SSL Profiles that are added in 10.5, makes adjusting SSL settings for a large number of vServer way more easy!

    Reply to Matthijs