It took some time and many discussions, but it looks like Netscaler VPX and TLS 1.x have finally come together.

The first thing you need to do is update to the latest Netscaler build, 10.5 57.7.

Now enable TLS settings on your vServer:

set ssl vserver _XD_ng_outscale -tls11 ENABLED -tls12 ENABLED

Now have a look at the config:

sh ssl vserver _XD_ng_outscale

 Advanced SSL configuration for VServer _XD_ng_outscale:
 DH: ENABLED DHParam File: /nsconfig/ssl/dh-key1.key Refresh Count: 0
 Ephemeral RSA: ENABLED Refresh Count: 0
 Session Reuse: ENABLED Timeout: 120 seconds
 Cipher Redirect: DISABLED
 SSLv2 Redirect: DISABLED
 ClearText Port: 0
 Client Auth: DISABLED
 SSL Redirect: DISABLED
 Non FIPS Ciphers: DISABLED
 SNI: DISABLED
 SSLv2: DISABLED SSLv3: DISABLED TLSv1.0: ENABLED TLSv1.1: ENABLED TLSv1.2: ENABLED
 Push Encryption Trigger: Always
 Send Close-Notify: YES


1) CertKey Name: wildcard-cert Server Certificate


1) Cipher Name: SECURE-Ciphers
 Description: User Created Cipher Group
 Done
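
The protocol line in this output is the part worth re-checking after every change. As an added example (not from the original post or from Citrix), the following Python script parses saved `sh ssl vserver` output and reports on the protocol states; the sample text is constructed from the output above, and the fail/warn policy is an assumption of this example.

```python
import re

# Constructed sample, trimmed from the "sh ssl vserver" output shown above.
SAMPLE = """\
 Advanced SSL configuration for VServer _XD_ng_outscale:
 Ephemeral RSA: ENABLED Refresh Count: 0
 SSLv2 Redirect: DISABLED
 SNI: DISABLED
 SSLv2: DISABLED SSLv3: DISABLED TLSv1.0: ENABLED TLSv1.1: ENABLED TLSv1.2: ENABLED
 Send Close-Notify: YES
"""

# The colon must follow the protocol name directly, so the separate
# "SSLv2 Redirect: ..." setting is not mistaken for the SSLv2 protocol state.
PROTO_RE = re.compile(r"\b(SSLv[23]|TLSv1\.[0-3]):\s*(ENABLED|DISABLED)\b")
NAME_RE = re.compile(r"configuration for VServer (\S+):")


def parse_protocols(text):
    """Map each protocol name in the output to True (ENABLED) or False."""
    return {m.group(1): m.group(2) == "ENABLED" for m in PROTO_RE.finditer(text)}


def vserver_name(text):
    """Return the vServer name from the header line, or None if absent."""
    m = NAME_RE.search(text)
    return m.group(1) if m else None


def audit(text):
    """Return findings under this example's assumed policy (see lead-in)."""
    protos = parse_protocols(text)
    if not protos:
        return ["FAIL: no protocol status line found"]
    findings = []
    for legacy in ("SSLv2", "SSLv3"):
        if protos.get(legacy):
            findings.append(f"FAIL: {legacy} is enabled")
    if not protos.get("TLSv1.2"):
        findings.append("FAIL: TLSv1.2 is not enabled")
    for old in ("TLSv1.0", "TLSv1.1"):
        if protos.get(old):
            findings.append(f"WARN: {old} is enabled (deprecated by RFC 8996)")
    return findings


if __name__ == "__main__":
    print(vserver_name(SAMPLE))
    for line in audit(SAMPLE) or ["OK"]:
        print(line)
```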

If you have done so, save your config and go to: https://www.ssllabs.com/ssltest/index.html
In my case I got an A- in my first test.

This is quite a good result, and I think it was about time to support TLS 1.x on VPX. If you would like to have a look at the release notes, please follow the link https://www.citrix.com/content/dam/citrix/en_us/documents/downloads/netscaler-adc/NS_10_5_57_7.html

 

I tested this in my Hyper-V 2012 lab and I am very interested in your results on other hypervisors.

 
