in NetScaler, NetScaler Gateway, Security

Citrix Netscaler and SSL 3 “Poodle” vulnerability

Citrix just released a security advisory article regarding the SSL “poodle” vulnerability and how we can disable SSL 3.0 protocol on the Netscaler ->

The article shows how we can disable SSL on vServers and on NSIP, MIP and SNIPs.

SSL Profiles

It is also possible to use SSL profiles, this allows us to create profiles for front-end services (vServers) and for backend services (services to the servers)

SSL profiles can be created under System –> Profiles –> SSL Profiles –> Create new

From within here we can choose what protocols we want to have enabled. Note that Citrix Receiver only supports TLS1 and not version 1.1 and 1.2 (which also cannot be used on a VPX)


After we have created an SSL profile we can bind it to a vServer.image3

Happy profiling!



What do you think?


  1. Cool marius! Really like the SSL Profiles that are added in 10.5, makes adjusting SSL settings for a large number of vServer way more easy!