Jump to content
Welcome to our new Citrix community!

NMAS StyleBook cipher configuration


Recommended Posts

On 3/1/2018 at 7:51 PM, Max Lindqvist1709152463 said:

Hi,

Simple question. Does anyone know how to unbind/remove a ciphergroup using StyleBooks?

I just cannot figure it out.

you can delete the stylebook config pack where you have configured that group which in turn will remove the cipher group including its binding.Can you share your stylebook?

  

 

Link to comment
Share on other sites

Sorry, I wasn't clear enough.

This is when I create a new SSL vserver using a StyleBook. It then automatically gets the "DEFAULT" cipher group and I don't want that.

 

I tried to paste the StyleBook parts here but the formatting gets totally screwed up (I guess due to the YAML space based formatting..).

So, to be more clear.

1. I create a ciphersuite (group).

2. I bind ciphers to that suite.

3. I create a ssl vserver.

4. I bind the sipher suite to that vserver.

 

This gives me a vserver with the DEFAULT cipher group AND my own bound to it and I don't want the DEFAULT to be bound.

Link to comment
Share on other sites

This is the component which is creating the binding.

 

  - 
    name: aaa-external-settings-sslciphersuite-binding
    type: ns::sslvserver_sslciphersuite_binding
    description: SSL Cipher group binding
    properties:
      ciphername: APLUS
      vservername: "aaa_sys_external_______________"
 

A corresponding "ciphername: !DEFAULT" or something like that would be useful.

Link to comment
Share on other sites

  • 8 months later...

Yikes, I came across that problem also. This is a very very important feature that definitly is needed imho.

Any update on the progress in the discussions with your leads yet?

 

By the way this also renders the SSL settings in Citrix's default Stylebooks useless because whichever ciphers will be added, the weak DEFAULT set will hit first.

Link to comment
Share on other sites

  • 11 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...