It took some time and many disscussions but it looks like Netscaler VPX and TLS 1.x came together.
The first thing you need is to update to the latest Netscaler build 10.5 57.7
Now enable TLS settings on your vServer:
set ssl vserver _XD_ng_outscale -tls11 ENABLED -tls12 ENABLED
Now have a look to the config:
sh ssl vserver _XD_ng_outscale Advanced SSL configuration for VServer _XD_ng_outscale: DH: ENABLED DHParam File: /nsconfig/ssl/dh-key1.key Refresh Count: 0 Ephemeral RSA: ENABLED Refresh Count: 0 Session Reuse: ENABLED Timeout: 120 seconds Cipher Redirect: DISABLED SSLv2 Redirect: DISABLED ClearText Port: 0 Client Auth: DISABLED SSL Redirect: DISABLED Non FIPS Ciphers: DISABLED SNI: DISABLED SSLv2: DISABLED SSLv3: DISABLED TLSv1.0: ENABLED TLSv1.1: ENABLED TLSv1.2: ENABLED Push Encryption Trigger: Always Send Close-Notify: YES 1) CertKey Name: wildcard-cert Server Certificate 1) Cipher Name: SECURE-Ciphers Description: User Created Cipher Group Done
If you have done so, save your config und go to: https://www.ssllabs.com/ssltest/index.html
In my case got an A- in my first test
This quite a good result and I think it was about time to support TLS 1.x on VPX. If you would like to have a look at the release notes, please follow the link https://www.citrix.com/content/dam/citrix/en_us/documents/downloads/netscaler-adc/NS_10_5_57_7.html
I tested this on my Hyper-V 2012 Lab and I am very interested about your results on other hypervisors.
Marco Klose works as a Technical Consultant, Architect and CTO focused on Application & Desktop virtualization as well as application delivery with the Citrix product portfolio. He is specialized in Citrix virtualization, Citrix networking and Microsoft products. He has +10 years experience and holds the latest Citrix certifications and is member of the Citrix Partner Expert Council EMEA (PTEC). Since 2021 he is also a Citrix Technology Advocate (CTA).