Solved

SSLv3 Protocol Flaw on NetScaler

Posted on 2014-10-22
1
1,300 Views
Last Modified: 2016-10-25
Hello,

I have some sites configured on NetScaler 9.3 under Load Balancing and also under GSLB. I am trying to disable SSLv3 and I followed support article http://support.citrix.com/article/CTX200238.

I am also testing my site thru https://www.ssllabs.com/ssltest/index.html but eventhough I disable ssl3 on vserver and service still its coming back Grade F. Insecure Client-Initiated Renegotiation Supported   INSECURE

Any suggestions, do I need to run command for SNIP/MIP, I am doing this for individual site for testing.

Thanks a lot.
0
Comment
Question by:nabeel65
1 Comment
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 40398568
probably the citrix need to verify or restart service to ensure config is active. also make sure the actual web/app server does not have sslv3 as well as its front end facing profile NS is just another proxy unless it is terminating SSL on behalf then it is NS that is likely still having the sslv3. also check the server cert presented on browser and see if ssl still used.
https://msandbu.wordpress.com/2014/10/15/citrix-netscaler-and-ssl3-poodle-exploit/

note - If I have other load balanced vServer I can also disable SSL for these vServers, but it is important to check if the clients that are connecting actually support TLS.

also note the rating scheme update in ssltest and it alos includ ethe poodle test as per the sslv3 that greatly impact why you have a F grade https://scotthelme.co.uk/a-plus-rating-qualys-ssl-test/
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Batch convert .doc to .docx 13 182
Software - Posting same reply on multiple forums. 4 73
Need job search tool for follow-ups 6 80
software license audit 6 57
The article will include the best Data Recovery Tools along with their Features, Capabilities, and their Download Links. Hope you’ll enjoy it and will choose the one as required by you.
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
This video shows how use content aware, what it’s used for, and when to use it over other tools.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now