On Demand Citrix Nerds consulting services 24 hours a day!

Phone: 1-800-905-0005

Home > Documentation > Netscaler Secure Ciphers

Installation Documentation
Citrix NetScaler VPX Cipher Suites A+ Rating


#REM - NEW NETSCALER SECURE CONFIGURATION SETTINGS WHICH GIVE A+ RATING
#REM - IF DEFAULT CIPHER SUITE IS USED AND NEW CIPHER SUITE HAS NOT BEEN CREATED
#REM - Substitute your own VPN vServer for what appears here as _XD_192.168.1.22_443
#REM - Paste modified settings in to an SSH session to the Netscaler
set vpn vserver _XD_192.168.1.22_443 -icaOnly ON
set ssl vserver _XD_192.168.1.22_443 -ssl3 DISABLED -tls1 DISABLED -tls11 DISABLED tls12 ENABLED tls13 ENABLED
set ssl parameter -denySSLReneg FRONTEND_CLIENT

add ssl cipher SecureCiphers
bind ssl cipher SecureCiphers -cipherName TLS1.3-CHACHA20-POLY1305-SHA256
bind ssl cipher SecureCiphers -cipherName TLS1.3-AES128-GCM-SHA256
bind ssl cipher SecureCiphers -cipherName TLS1.3-AES256-GCM-SHA384
bind ssl cipher SecureCiphers -cipherName TLS1.2-ECDHE-ECDSA-AES256-SHA384
bind ssl cipher SecureCiphers -cipherName TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384
bind ssl cipher SecureCiphers -cipherName TLS1-ECDHE-ECDSA-AES256-SHA
bind ssl cipher SecureCiphers -cipherName TLS1.2-DHE-RSA-AES256-GCM-SHA384
bind ssl cipher SecureCiphers -cipherName TLS1.2-ECDHE-ECDSA-AES128-GCM-SHA256
bind ssl cipher SecureCiphers -cipherName TLS1.2-ECDHE-RSA-CHACHA20-POLY1305
bind ssl cipher SecureCiphers -cipherName TLS1.2-ECDHE-ECDSA-CHACHA20-POLY1305
bind ssl cipher SecureCiphers -cipherName TLS1.2-ECDHE-RSA-AES256-GCM-SHA384

bind ssl vserver _XD_192.168.1.22_443 -cipherName SecureCiphers
unbind ssl vserver _XD_192.168.1.22_443 -cipherName DEFAULT
set ssl vserver _XD_192.168.1.22_443 -HSTS ENABLED -maxage 157680000
#REM HSTS command does not exist in Netscaler firmware versions prior to 12.x
#REM - END OF NETSCALER SECURE CONFIGURATION SETTINGS WHICH GIVE A+ RATING
#REM - CONTAINS NO WEAK CIPHERS