Jump to content
Welcome to our new Citrix community!

Impact on Disable SSLv2, SSLv3 and TLS 1.0 protocols on Netscalar

Ramesh Mandala

Recommended Posts

you can disable them per vip  like this:


set ssl vserver vip_mame -ssl3 DISABLED

or by using a ssl profile.


As the protocols are pretty old i think it is safe to disable all of them.

Right now  everybody is suing TLS1.2.  Next version TLS1.3 is starting to be implemented. (for example Cloudflare is already using it: https://www.cloudflare.com/learning-resources/tls-1-3/)



Link to comment
Share on other sites

if you go to SSLLabs.com, you can test your website: it will then list what protocols different clients would use to connect to you: if you mentally remove any that will only work with TLS1.0 etc, you'll know what will continue to work.


I put together a short article on how to set up an SSL Profile to score an A+ at SSL Labs, you are welcome to download it: https://www.dropbox.com/s/iqpwr3d0zfteab4/Getting A%2B at SSLLabs - August 2019.docx?dl=0


(I guess it needs another update, to trim down the ciphers, and to disable TLS 1.0!)


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...