Jump to content
Welcome to our new Citrix community!

Netscaler disable SSL 2 & SSL 3


Recommended Posts

show service –internal | grep <IP>  this command showing 4 different sevices. For which one I should run below command  ? And why its all showing loopback IP 127.0.0.1?

 

set ssl service <internal service name for that ip> -ssl3 disabled
set ssl service <internal service name for that ip> -ssl2 disabled

 

image.thumb.png.dad1f23cc1d8ed26defab790c11b0f32.png

Link to comment
Share on other sites

On 5/29/2020 at 10:45 PM, Diego Oliveira said:

SSL 3.0/2.0 are considered weak ciphers. I recommend you disable it.

 

Key points to be considered while securing SSL layer:

SSL 2.0 and SSL 3.0 should be disabled

Weak ciphers like DES, 3DES, RC4 or MD5 should not be used

do I have to disable SSLfor all these services- nsrpcs, nshttps, nskrpcs, nsrnatsip?

Link to comment
Share on other sites

do I have to disable SSLfor all these services- nsrpcs, nshttps, nskrpcs, nsrnatsip? 

 

Those are services running on netscaler,  If you are not using it then you can go ahead and disable it.

 

Ciphers are used when you are trying to connect certificate based URL/Device then you can select higher lever cipher which are not vulnerable to common attacks.

 

 

Regards

Sam 

Link to comment
Share on other sites

No, you don't actually DISABLE the SSL, just follow the notes in that article to make the "SSL" (actually SSL/TLS) session more secure.

 

You use SSL profiles to make Vservers more secure, then there are other commands (all in that article) to secure the SNIPs, and to secure management access.

 

eg: >set ssl service nshttps-127.0.0.1-443 –ssl3 DISABLED

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...