How to remove ECDHE Ciphers from NetScaler Gateway

How to remove ECDHE Ciphers from NetScaler Gateway

book

Article ID: CTX223585

calendar_today

Updated On:

Description

Configure a custom cipher group excluding ECDHE and SSL cipher suites. Then bind the new cipher group to the NetScaler Gateway.

Instructions

1. Navigate to Configuration > Traffic Management > SSL > Cipher Groups. Click Add.

User-added image

2. Set the group name, i.e. NO_ECDHE. Then click Add.
User-added image

3. Expand the DEFAULT cipher group and select all non-ECDHE and non-SSL3 cipher groups. You may need to scroll down to get the rest of ciphers. Notice that only ciphers within the DEFAULT cipher group will be selected.
User-added image

4. The new cipher group should looks like this. Then click Create.
User-added image

5. Navigate to the NetScaler Gateway select the NetScaler Gateway vServer and then click Edit.

User-added image
6. Scroll down to the SSL Cipher section and click the Edit icon at the upper right corner of the section.
User-added image

7. Click in the Remove All link to unbind the DEFAULT cipher group. 
User-added image 

8. Select the Cipher Groups radio button and select the recently created cipher group in the Cipher Group drop down menu. Click OK.
User-added image

9. SSL Ciphers section now should looks like this:
User-added image

Powered by Wolken Software