[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

SSLv3 Protocol Flaw on NetScaler

Posted on 2014-10-22
1
Medium Priority
?
1,421 Views
Last Modified: 2016-10-25
Hello,

I have some sites configured on NetScaler 9.3 under Load Balancing and also under GSLB. I am trying to disable SSLv3 and I followed support article http://support.citrix.com/article/CTX200238.

I am also testing my site thru https://www.ssllabs.com/ssltest/index.html but eventhough I disable ssl3 on vserver and service still its coming back Grade F. Insecure Client-Initiated Renegotiation Supported   INSECURE

Any suggestions, do I need to run command for SNIP/MIP, I am doing this for individual site for testing.

Thanks a lot.
0
Comment
Question by:nabeel65
1 Comment
 
LVL 66

Accepted Solution

by:
btan earned 1500 total points
ID: 40398568
probably the citrix need to verify or restart service to ensure config is active. also make sure the actual web/app server does not have sslv3 as well as its front end facing profile NS is just another proxy unless it is terminating SSL on behalf then it is NS that is likely still having the sslv3. also check the server cert presented on browser and see if ssl still used.
https://msandbu.wordpress.com/2014/10/15/citrix-netscaler-and-ssl3-poodle-exploit/

note - If I have other load balanced vServer I can also disable SSL for these vServers, but it is important to check if the clients that are connecting actually support TLS.

also note the rating scheme update in ssltest and it alos includ ethe poodle test as per the sslv3 that greatly impact why you have a F grade https://scotthelme.co.uk/a-plus-rating-qualys-ssl-test/
0
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MSSQL DB-maintenance also needs implementation of multiple activities. However, unprecedented errors can hamper the database management. In that case, deploying Stellar SQL Database Toolkit ensures fast and accurate database and backup repair as wel…
2017 was a scary year for cyber security.  Hear what our security experts say that hackers have in store for us in 2018.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question