Jump to content
Welcome to our new Citrix community!

NetScaler VPX Gateway SSLv3 and SSL1.0 Disabling best practices


Recommended Posts

Hi All

 

A scan picked up some Vuls regarding SSLv3 and 1.0 on my NetScaler VPX Gateway so I would like assistance on how best to disable these completely but more important is the WHERE exactly must it be done?

On the NetScaler Gateway->Virtual Server/s Tab OR/as well as Traffic Management->Content Switching Virtual Servers Tab?

 

Thanks

Rajin

Link to comment
Share on other sites

1 hour ago, Rajin Bhaga1709159425 said:

Hi All

 

A scan picked up some Vuls regarding SSLv3 and 1.0 on my NetScaler VPX Gateway so I would like assistance on how best to disable these completely but more important is the WHERE exactly must it be done?

On the NetScaler Gateway->Virtual Server/s Tab OR/as well as Traffic Management->Content Switching Virtual Servers Tab?

 

Thanks

Rajin

Hi Rajin

 

you will first need to list all the resources that are externally accessible through LBVS, Content Switching, NSGW

For each of those you will need to manually disable the SSL V3 and TLS 1.0

 

Thanks

Arnaud

Link to comment
Share on other sites

1 hour ago, Carl Stalhood1709151912 said:

For Unified Gateway, you do it at the Content Switch. But there's no harm in disabling it at both locations.

Hi Carl/Arnaud

 

Does a configured & in place SSL Profile with SSLv2, SSLv3 and TLS 1.0 disabled override the SSL Parameters options?

Reason being, after creating and applying the configured SSL Profile, if I try to also go edit the Parameters options, it gives an error stating "Ambiguous Argument value"

 

So I take it that even if the SSL Parameters options has the SSL V3 Ticked, its overwritten if a SSL Profile with it disabled is already applied?

 

Thanks

Rajin

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...