Solved

SSLv3 Protocol Flaw on NetScaler

Posted on 2014-10-22
1
1,308 Views
Last Modified: 2016-10-25
Hello,

I have some sites configured on NetScaler 9.3 under Load Balancing and also under GSLB. I am trying to disable SSLv3 and I followed support article http://support.citrix.com/article/CTX200238.

I am also testing my site thru https://www.ssllabs.com/ssltest/index.html but eventhough I disable ssl3 on vserver and service still its coming back Grade F. Insecure Client-Initiated Renegotiation Supported   INSECURE

Any suggestions, do I need to run command for SNIP/MIP, I am doing this for individual site for testing.

Thanks a lot.
0
Comment
Question by:nabeel65
1 Comment
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 40398568
probably the citrix need to verify or restart service to ensure config is active. also make sure the actual web/app server does not have sslv3 as well as its front end facing profile NS is just another proxy unless it is terminating SSL on behalf then it is NS that is likely still having the sslv3. also check the server cert presented on browser and see if ssl still used.
https://msandbu.wordpress.com/2014/10/15/citrix-netscaler-and-ssl3-poodle-exploit/

note - If I have other load balanced vServer I can also disable SSL for these vServers, but it is important to check if the clients that are connecting actually support TLS.

also note the rating scheme update in ssltest and it alos includ ethe poodle test as per the sslv3 that greatly impact why you have a F grade https://scotthelme.co.uk/a-plus-rating-qualys-ssl-test/
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Developer portfolios can be a bit of an enigma—how do you present yourself to employers without burying them in lines of code?  A modern portfolio is more than just work samples, it’s also a statement of how you work.
This video demonstrates basic masking and how to edit the mask to reveal the desired image.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

775 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question