How do I Remove RC4 Ciphers in NetScaler?

Article ID: CTX205269

Description

RC4 (Rivest Cipher 4) is a stream cipher, i.e. it generates a stream of bytes, one for each byte of the text you want to encrypt. RC4 is a symmetric-key encryption algorithm. It is very simple: once the keystream is generated, it is XORed with the plaintext. The key size varies from 64 to 128 bits. This cipher is used in SSL communication and in WEP for 802.11.


RC4 generates a keystream from the secret key and XORs it with the plaintext to produce the encrypted text. Although the implementation looks simple, RC4 has a vulnerability in its initial stages: the first bytes of output reveal information about the key.

NetScaler supports the RC4 symmetric-key encryption algorithm. There are two ways to remove RC4 from NetScaler: it can be removed from a cipher group or from an SSL profile.

To remove RC4 from your cipher group and avoid this vulnerability, follow the procedure below.

Note: The example below removes RC4 from the Default cipher group and binds the resulting group to a vserver.


Instructions

Removing RC4 ciphers from Cipher group using Configuration utility:

  1. Navigate to Configuration tab > Traffic Management > SSL > Select Cipher Groups.

  2. Click Add.

  3. Enter a Cipher Group Name that differs from the names of the existing cipher groups. Select Cipher (by clicking the + before the cipher) > uncheck RC4 Ciphers > Move them under Configured.

    Note: Some of these RC4 ciphers will not be available in different versions of NetScaler.

  4. Click Create. You will have a list of ciphers from default cipher group without RC4 ciphers.

To add the new cipher group to a vserver

The following link explains in detail how to add user-defined cipher groups to a vserver.

Citrix Documentation - Configuring User-Defined Cipher Groups on the NetScaler Appliance.

Removing RC4 ciphers from SSL Profile using Configuration utility

  1. Navigate to Configuration tab > System > Profiles > SSL Profile Tab > <profile name to be modified> > Edit.

  2. Select SSL Ciphers > Add > Select Cipher (by clicking the + before the cipher) > uncheck RC4 Ciphers > Move them under Configured.

  3. After moving the list of ciphers to Configured, click OK and save the configuration.

After these steps, the SSL profile will not have RC4 ciphers.
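To confirm the change on the wire, the following added example (not part of the Citrix article) offers a virtual server only RC4 cipher suites in a TLS 1.2 ClientHello and reports whether the server selects one or refuses the handshake. The function names and the command-line usage are assumptions for illustration; the suite IDs are the IANA values.

```python
import os
import socket
import struct
import sys

# IANA cipher suite IDs that use RC4 (a common subset, not exhaustive).
RC4_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
}

def build_client_hello(suites=RC4_SUITES):
    """Build a TLS 1.2 ClientHello record offering only the given suites."""
    ids = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x03" + os.urandom(32) + b"\x00"   # version, random, empty session id
            + struct.pack("!H", len(ids)) + ids      # cipher suite list
            + b"\x01\x00")                           # null compression, no extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def classify_response(data):
    """Interpret the first TLS record returned by the server."""
    if len(data) >= 7 and data[0] == 0x15:           # alert, e.g. 40 = handshake_failure
        return ("rejected", "alert %d" % data[6])
    if len(data) >= 44 and data[0] == 0x16 and data[5] == 0x02:  # ServerHello
        off = 44 + data[43]                          # skip the session id
        if len(data) >= off + 2:
            suite = struct.unpack("!H", data[off:off + 2])[0]
            if suite in RC4_SUITES:
                return ("rc4-enabled", RC4_SUITES[suite])
    return ("unknown", "no usable TLS response")

def probe(host, port=443, timeout=5.0):
    """Send the RC4-only ClientHello to host:port and classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_client_hello())
            data = s.recv(4096)
    except OSError:
        data = b""
    return classify_response(data)

if __name__ == "__main__":
    # Usage: python rc4_probe.py <vserver-address> [port]
    target, port = sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(target, port, *probe(target, port))
```

A raw ClientHello is used because many current OpenSSL builds are compiled without RC4 and cannot offer it. Run the check against the vserver before and after binding the new cipher group; the result should change from `rc4-enabled` to `rejected`.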

Issue/Introduction

How do I remove RC4 ciphers in NetScaler?