John Francis1709160537 Posted April 14, 2020 Share Posted April 14, 2020 How do we disable the following in XenMobile 10.10. Do we do this on the XenMobile servers or the Netscaler ADC? • 112-Bit Encryption Algorithms. • SSL RC4 Cipher Suites. • SSL Medium Cipher Suites (3DES). • SSL / TLS Diffie Hellman Modulus <= 1024 bits. • TLS Version 1.0. Link to comment
1 ArnaudP1 Posted April 16, 2020 Share Posted April 16, 2020 7 hours ago, John Francis1709160537 said: Hello Arnaud, I have submitted more information below based on Manoj's suggestion. do you think that there is nothing that needs to be removed from the ADC side? As, we are doing some Penetration testing and these shown below seems to be cropping up. 112-Bit Encryption Algorithms. • SSL RC4 Cipher Suites. • SSL Medium Cipher Suites (3DES). • SSL / TLS Diffie Hellman Modulus <= 1024 bits. • TLS Version 1.0. Thanks John John, You first need to check if your ADC is configured to communicate with XMS with SSL or SSL_Bridge. If SSL modification will need to be done on NetScaler, if SSL_Bridge -> XMS Thanks Arnaud 2 Link to comment
0 ArnaudP1 Posted April 14, 2020 Share Posted April 14, 2020 11 minutes ago, John Francis1709160537 said: How do we disable the following in XenMobile 10.10. Do we do this on the XenMobile servers or the Netscaler ADC? • 112-Bit Encryption Algorithms. • SSL RC4 Cipher Suites. • SSL Medium Cipher Suites (3DES). • SSL / TLS Diffie Hellman Modulus <= 1024 bits. • TLS Version 1.0. Hello, It will depend if your configuration is SSL-Offload or SSL-Bridge on your ADC. If SSL-Offload, you need to configure those on ADC, if SSL-Bridge you need to configure those on each XMS Nodes (reboot required). Thanks Arnaud Link to comment
0 John Francis1709160537 Posted April 15, 2020 Author Share Posted April 15, 2020 18 hours ago, Arnaud Pain said: Hello, It will depend if your configuration is SSL-Offload or SSL-Bridge on your ADC. If SSL-Offload, you need to configure those on ADC, if SSL-Bridge you need to configure those on each XMS Nodes (reboot required). Thanks Arnaud Thanks Arnaud So, it looks like it is configured on ADC. How would I go about configuring it on ADC? Link to comment
0 Manoj Rana Posted April 15, 2020 Share Posted April 15, 2020 Hi The screenshot you have attached doesn't seems to me correct. This is the features unable on the ADC. Please see this article here which will help you to disable Ciphers on the ADC. Thanks Manoj Link to comment
0 John Francis1709160537 Posted April 15, 2020 Author Share Posted April 15, 2020 5 minutes ago, Manoj Rana said: Hi The screenshot you have attached doesn't seems to me correct. This is the features unable on the ADC. Please see this article here which will help you to disable Ciphers on the ADC. Thanks Manoj Hi Manoj, I was just posting it to Arnaud saying SSL offloading is enabled on the ADC. So. that's what I posted that image for. But, thank you for your article that is good. So, if I follow this it should be good enough I suppose. Thanks Link to comment
0 John Francis1709160537 Posted April 16, 2020 Author Share Posted April 16, 2020 12 hours ago, Manoj Rana said: Hi The screenshot you have attached doesn't seems to me correct. This is the features unable on the ADC. Please see this article here which will help you to disable Ciphers on the ADC. Thanks Manoj I went to XenMobile servers and I saw this. Now, earlier I thought that it is here that we had to change it. This is what we have in ADC So, based on what I am looking at, there is no SSL3, DES, 3DES, MD5 and RC4 ciphers to remove from the group, is this correct? If so, are we good? Link to comment
0 John Francis1709160537 Posted April 16, 2020 Author Share Posted April 16, 2020 On 4/14/2020 at 2:01 PM, Arnaud Pain said: Hello, It will depend if your configuration is SSL-Offload or SSL-Bridge on your ADC. If SSL-Offload, you need to configure those on ADC, if SSL-Bridge you need to configure those on each XMS Nodes (reboot required). Thanks Arnaud Hello Arnaud, I have submitted more information below based on Manoj's suggestion. do you think that there is nothing that needs to be removed from the ADC side? As, we are doing some Penetration testing and these shown below seems to be cropping up. 112-Bit Encryption Algorithms. • SSL RC4 Cipher Suites. • SSL Medium Cipher Suites (3DES). • SSL / TLS Diffie Hellman Modulus <= 1024 bits. • TLS Version 1.0. Thanks John Link to comment
Question
John Francis1709160537
How do we disable the following in XenMobile 10.10. Do we do this on the XenMobile servers or the Netscaler ADC?
• 112-Bit Encryption Algorithms.
• SSL RC4 Cipher Suites.
• SSL Medium Cipher Suites (3DES).
• SSL / TLS Diffie Hellman Modulus <= 1024 bits.
• TLS Version 1.0.
Link to comment
7 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now