Faruque Hossain Posted May 28, 2020 Share Posted May 28, 2020 show service –internal | grep <IP> this command showing 4 different sevices. For which one I should run below command ? And why its all showing loopback IP 127.0.0.1? set ssl service <internal service name for that ip> -ssl3 disabled set ssl service <internal service name for that ip> -ssl2 disabled Link to comment Share on other sites More sharing options...
Diego Oliveira Posted May 28, 2020 Share Posted May 28, 2020 It's name of internal services for NSIP. Disable SSL 3.0/2.0 on SNIP: https://support.citrix.com/article/CTX205480 Link to comment Share on other sites More sharing options...
Faruque Hossain Posted May 29, 2020 Author Share Posted May 29, 2020 12 hours ago, Diego Oliveira said: It's name of internal services for NSIP. Disable SSL 3.0/2.0 on SNIP: https://support.citrix.com/article/CTX205480 do I have to disable all these services- nsrpcs, nshttps, nskrpcs, nsrnatsip? Link to comment Share on other sites More sharing options...
Diego Oliveira Posted May 29, 2020 Share Posted May 29, 2020 SSL 3.0/2.0 are considered weak ciphers. I recommend you disable it. Key points to be considered while securing SSL layer: SSL 2.0 and SSL 3.0 should be disabled Weak ciphers like DES, 3DES, RC4 or MD5 should not be used Link to comment Share on other sites More sharing options...
Faruque Hossain Posted June 1, 2020 Author Share Posted June 1, 2020 On 5/29/2020 at 10:45 PM, Diego Oliveira said: SSL 3.0/2.0 are considered weak ciphers. I recommend you disable it. Key points to be considered while securing SSL layer: SSL 2.0 and SSL 3.0 should be disabled Weak ciphers like DES, 3DES, RC4 or MD5 should not be used do I have to disable SSLfor all these services- nsrpcs, nshttps, nskrpcs, nsrnatsip? Link to comment Share on other sites More sharing options...
Sambhaji Banapure Posted June 1, 2020 Share Posted June 1, 2020 do I have to disable SSLfor all these services- nsrpcs, nshttps, nskrpcs, nsrnatsip? Those are services running on netscaler, If you are not using it then you can go ahead and disable it. Ciphers are used when you are trying to connect certificate based URL/Device then you can select higher lever cipher which are not vulnerable to common attacks. Regards Sam Link to comment Share on other sites More sharing options...
Paul Blitz Posted June 4, 2020 Share Posted June 4, 2020 No, you don't actually DISABLE the SSL, just follow the notes in that article to make the "SSL" (actually SSL/TLS) session more secure. You use SSL profiles to make Vservers more secure, then there are other commands (all in that article) to secure the SNIPs, and to secure management access. eg: >set ssl service nshttps-127.0.0.1-443 –ssl3 DISABLED 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now