Jump to content
Welcome to our new Citrix community!
  • 0

Disable Cipher and TLS in XenMobile


John Francis1709160537

Question

7 answers to this question

Recommended Posts

  • 1
7 hours ago, John Francis1709160537 said:

 

 

Hello Arnaud, 

 

I have submitted more information below based on Manoj's suggestion. do you think that there is nothing that needs to be removed from the ADC side? As, we are doing some Penetration testing and these shown below seems to be cropping up.

 

112-Bit Encryption Algorithms.

• SSL RC4 Cipher Suites.

• SSL Medium Cipher Suites (3DES).

• SSL / TLS Diffie Hellman Modulus <= 1024 bits.

• TLS Version 1.0.

 

Thanks

John

 

John,

 

You first need to check if your ADC is configured to communicate with XMS with SSL or SSL_Bridge.

If SSL modification will need to be done on NetScaler, if SSL_Bridge -> XMS

 

Thanks

Arnaud

  • Like 2
Link to comment
  • 0
11 minutes ago, John Francis1709160537 said:

How do we disable the following in XenMobile 10.10. Do we do this on the XenMobile servers or the Netscaler ADC?

 

• 112-Bit Encryption Algorithms.

• SSL RC4 Cipher Suites.

• SSL Medium Cipher Suites (3DES).

• SSL / TLS Diffie Hellman Modulus <= 1024 bits.

• TLS Version 1.0.

Hello,

 

It will depend if your configuration is SSL-Offload or SSL-Bridge on your ADC.

If SSL-Offload, you need to configure those on ADC, if SSL-Bridge you need to configure those on each XMS Nodes (reboot required).

 

Thanks

Arnaud

Link to comment
  • 0
18 hours ago, Arnaud Pain said:

Hello,

 

It will depend if your configuration is SSL-Offload or SSL-Bridge on your ADC.

If SSL-Offload, you need to configure those on ADC, if SSL-Bridge you need to configure those on each XMS Nodes (reboot required).

 

Thanks

Arnaud

Thanks Arnaud

 

So, it looks like it is configured on ADC. How would I go about configuring it on ADC?

 

image.thumb.png.cdd4f49daf89b4ceba75ad0bfe1b7f71.png

Link to comment
  • 0
5 minutes ago, Manoj Rana said:

Hi 

 

The screenshot you have attached doesn't seems to me correct.  This is the features unable on the ADC.

 

Please see this article here which will help you to  disable Ciphers  on the ADC.

 

Thanks 

Manoj

 

 

Hi Manoj,

 

I was just posting it to Arnaud saying SSL offloading is enabled on the ADC. So. that's what I posted that image for. But, thank you for your article that is good. So, if I follow this it should be good enough I suppose. 

 

Thanks

Link to comment
  • 0
12 hours ago, Manoj Rana said:

Hi 

 

The screenshot you have attached doesn't seems to me correct.  This is the features unable on the ADC.

 

Please see this article here which will help you to  disable Ciphers  on the ADC.

 

Thanks 

Manoj

 

 

 

I went to XenMobile servers and I saw this. Now, earlier I thought that it is here that we had to change it. 

 

image.thumb.png.57b8d5787b528b58689b9440c45ffa9f.png

 

 

This is what we have in ADC 

image.thumb.png.e46faad40e5d5213ed020c6424e5957c.png

 

 

image.thumb.png.127df74044b41d1488d44980a95b57b1.png

 

image.thumb.png.956fa94c7c04173906f0661be93da2a1.png

 

 

So, based on what I am looking at, there is no  SSL3, DES, 3DES, MD5 and RC4 ciphers to remove from the group, is this correct?

 

If so, are we good? 

Link to comment
  • 0
On 4/14/2020 at 2:01 PM, Arnaud Pain said:

Hello,

 

It will depend if your configuration is SSL-Offload or SSL-Bridge on your ADC.

If SSL-Offload, you need to configure those on ADC, if SSL-Bridge you need to configure those on each XMS Nodes (reboot required).

 

Thanks

Arnaud

 

 

Hello Arnaud, 

 

I have submitted more information below based on Manoj's suggestion. do you think that there is nothing that needs to be removed from the ADC side? As, we are doing some Penetration testing and these shown below seems to be cropping up.

 

112-Bit Encryption Algorithms.

• SSL RC4 Cipher Suites.

• SSL Medium Cipher Suites (3DES).

• SSL / TLS Diffie Hellman Modulus <= 1024 bits.

• TLS Version 1.0.

 

Thanks

John

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...