Update June 2018: Securing Citrix NetScaler VPX to score A+ rating on SSL Labs

Uncategorized
June 15, 2018

Recent Visitor 14

This post serves as an update to my previous blog post:

Update: Securing Citrix NetScaler VPX to score A+ rating on SSL Labs

https://blog.terenceluk.com/2017/09/update-securing-citrix-netscaler-vpx-to.html

… which will no longer score an A+ rating because the ciphers are now out of date.

In order to score an A+ rating:

… we’ll need to update the ciphers to the following:

TLS1-ECDHE-RSA-AES256-SHA

TLS1-ECDHE-RSA-AES128-SHA

TLS1-DHE-RSA-AES-256-CBC-SHA

TLS1-DHE-RSA-AES-128-CBC-SHA

TLS1-AES-256-CBC-SHA

TLS1-AES-128-CBC-SHA

TLS1.2-ECDHE-RSA-AES-256-SHA384

TLS1.2-ECDHE-RSA-AES-128-SHA256

TLS1.2-ECDHE-RSA-AES256-GCM-SHA384

TLS1.2-ECDHE-RSA-AES128-GCM-SHA256

TLS1.2-DHE-RSA-AES256-GCM-SHA384

TLS1.2-DHE-RSA-AES128-GCM-SHA256

TLS1-ECDHE-ECDSA-AES256-SHA

TLS1-ECDHE-ECDSA-AES128-SHA

The command to execute on the NetScaler are as follows:

add ssl cipher Custom-VPX-Cipher

bind ssl cipher Custom-VPX-Cipher -cipherName TLS1-ECDHE-RSA-AES256-SHA

bind ssl cipher Custom-VPX-Cipher -cipherName TLS1-ECDHE-RSA-AES128-SHA

bind ssl cipher Custom-VPX-Cipher -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA

bind ssl cipher Custom-VPX-Cipher -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA

bind ssl cipher Custom-VPX-Cipher -cipherName TLS1-AES-256-CBC-SHA

bind ssl cipher Custom-VPX-Cipher -cipherName TLS1-AES-128-CBC-SHA

bind ssl cipher Custom-VPX-Cipher -cipherName TLS1.2-ECDHE-RSA-AES-256-SHA384

bind ssl cipher Custom-VPX-Cipher -cipherName TLS1.2-ECDHE-RSA-AES-128-SHA256

bind ssl cipher Custom-VPX-Cipher -cipherName TLS1.2-ECDHE-RSA-AES256-GCM-SHA384

bind ssl cipher Custom-VPX-Cipher -cipherName TLS1.2-ECDHE-RSA-AES128-GCM-SHA256

bind ssl cipher Custom-VPX-Cipher -cipherName TLS1.2-DHE-RSA-AES256-GCM-SHA384

bind ssl cipher Custom-VPX-Cipher -cipherName TLS1.2-DHE-RSA-AES128-GCM-SHA256

bind ssl cipher Custom-VPX-Cipher -cipherName TLS1-ECDHE-ECDSA-AES256-SHA

bind ssl cipher Custom-VPX-Cipher -cipherName TLS1-ECDHE-ECDSA-AES128-SHA

The ciphers above were tested on a NetScaler NS12.1 48.13.nc and verified to score an A+.

NetScaler, VPX

Hello! My name is Terence Luk and welcome to my blog.

About me

Follow me:

Web Application Update: Adding identity information of the user who has uploaded a file to a Storage Account

November 4, 2024

Configuring a Logic App to run an Azure AI Search Service Indexer to index new documents for RAG

October 28, 2024

Creating a Logic App to process Defender for Storage malware scan results published by Event Grid

October 21, 2024

Using Defender for Storage to scan for malware in a Storage Account, Event Grid to publish details and trigger Logic App

October 15, 2024

Update June 2018: Securing Citrix NetScaler VPX to score A+ rating on SSL Labs

Hello! My name is Terence Luk and welcome to my blog.

Follow me:

Categories

Related Posts

Web Application Update: Adding identity information of the user who has uploaded a file to a Storage Account

Configuring a Logic App to run an Azure AI Search Service Indexer to index new documents for RAG

Creating a Logic App to process Defender for Storage malware scan results published by Event Grid

Using Defender for Storage to scan for malware in a Storage Account, Event Grid to publish details and trigger Logic App

Subscribe to the mailing list to receive posts updates!

Categories

Recent Posts

Web Application Update: Adding identity information of the user who has uploaded a file to a Storage Account

Configuring a Logic App to run an Azure AI Search Service Indexer to index new documents for RAG