Moussa ML Posted May 28, 2019
Hi all, In SSL Lab, I have this message alert "This server is vulnerable to the Zombie POODLE vulnerability. Grade will be set to F from May 2019. MORE INFO »", that is related to the Cipher Block Chaining as you can check in this article https://blog.qualys.com/technology/2019/04/22/zombie-poodle-and-goldendoodle-vulnerabilities, do you have an idea how I can deal with this vulnerability to avoid class F? Thanks in advance. Best Regards, Moussa
CarlStalhood Posted May 28, 2019
I suspect you'd need to move the GCM ciphers to the top of the list. See https://www.citrix.com/blogs/2018/05/16/scoring-an-a-at-ssllabs-com-with-citrix-netscaler-q2-2018-update/
Moussa ML Posted May 29, 2019
Hi Carl, Thank you for your reply. I did, but we always have the same message "This server is vulnerable to the Zombie POODLE vulnerability. Grade will be set to F from May 2019. MORE INFO »" Best Regards, Moise
CarlStalhood Posted May 29, 2019
What build of NetScaler? Make sure it's one of these - https://support.citrix.com/article/CTX240139
Moussa ML Posted May 29, 2019
Yes, we have 11.1 57.11
CarlStalhood Posted May 29, 2019
Then you need to upgrade the firmware to 11.1 build 60.14 and later. The article shows this.
Moussa ML Posted May 29, 2019
OK Carl, thank you. Will this upgrade resolve this issue without any other changes?
CarlStalhood Posted May 29, 2019
As long as you have already done everything else detailed in https://www.citrix.com/blogs/2018/05/16/scoring-an-a-at-ssllabs-com-with-citrix-netscaler-q2-2018-update/, then the firmware upgrade is probably all you need.
Moussa ML Posted May 29, 2019
OK, thank you so much Carl
Andreas Furtenbacher Posted June 6, 2019
Hi, I am running on 12.0 61.8 but still got the grade F. I was on A+ before this. Has anyone some more ideas? Regarding https://support.citrix.com/article/CTX240139 with a firmware newer than 12.0 60.9, the vulnerabilities should be closed?! Thank you, Andreas
Moussa ML Posted June 14, 2019
Hi afurten, I have upgraded to 12.1 51.19 to resolve this issue, I have A+ now. Best Regards, Moise
Glen McDonald Posted September 3, 2019
I've upgraded to 12.1 51.19 and I'm still getting the vulnerable message when I scan the site. Is there anything else that I need to do?
Roberto Pereira Posted November 15, 2019
Hello, I also have the problem with the F rating on ssllabs. I upgraded the customer's NS to 13.0-41.28 and am still getting Rating F. I followed the article from Steven Wright on how to get an A+ Score. The strange thing is that I use the same settings on our Netscaler. Our Netscaler (also 13.0-41.28) has an A+ Rating and the customer has F. I made a new Cipher Group without CBC Ciphers but still F Score. Then I assigned again the Cipher Group from Steven Wright. The first check of ssllabs shows A+, when I repeat the check it goes back to F. Further, ssllabs is showing CBC Ciphers, even if I assign a Cipher Group without CBC Ciphers to the vserver. Has someone found a solution that works?
Russell Maher Posted November 17, 2019
Fixed for me at last! 12.1.51.19. Been getting SSLLabs A+ then F and back and forth for weeks. Switched to these ciphers and so far all A+. https://docs.citrix.com/en-us/tech-zone/build/tech-papers/networking-tls-best-practices.html
Roberto Pereira Posted November 22, 2019
Thank you Russ, this works fine now.
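
Two checks recur in the posts above: whether any CBC suites are still offered, and whether the GCM suites sit at the top of the list. The following Python check is an added example, not code from any poster or from Citrix; it goes slightly beyond the thread by also handling OpenSSL-style names, which omit "CBC" from CBC suites. The function names and the sample list are hypothetical and constructed for illustration.

```python
# Added example: classify TLS cipher suite names by mode and check ordering.
# Function names and the sample list are hypothetical / constructed.

AEAD_TOKENS = ("GCM", "CCM", "CHACHA20", "POLY1305")
# Block ciphers that TLS uses in CBC mode whenever no AEAD token is present.
BLOCK_TOKENS = ("AES", "CAMELLIA", "DES", "SEED", "IDEA", "ARIA")


def cipher_mode(name):
    """Return 'AEAD', 'CBC', 'STREAM', 'NULL' or 'UNKNOWN' for a suite name."""
    n = name.upper().replace("-", "_")
    if any(t in n for t in AEAD_TOKENS):
        return "AEAD"
    if "RC4" in n:
        return "STREAM"
    if "NULL" in n:
        return "NULL"
    # OpenSSL-style names such as AES256-SHA omit "CBC" but are CBC suites.
    if "CBC" in n or any(t in n for t in BLOCK_TOKENS):
        return "CBC"
    return "UNKNOWN"


def audit(suites):
    """suites: names in server preference order, first = most preferred."""
    modes = [(s, cipher_mode(s)) for s in suites]
    first_other = next((i for i, (_, m) in enumerate(modes) if m != "AEAD"), len(modes))
    return {
        "cbc": [s for s, m in modes if m == "CBC"],
        "aead_below_non_aead": [s for s, m in modes[first_other:] if m == "AEAD"],
    }


# Constructed sample mixing IANA and OpenSSL naming; not taken from the thread.
SAMPLE = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "ECDHE-RSA-AES256-SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "ECDHE-RSA-CHACHA20-POLY1305",
    "DES-CBC3-SHA",
    "RC4-SHA",
]

if __name__ == "__main__":
    report = audit(SAMPLE)
    print("CBC suites still offered:", report["cbc"])
    print("AEAD suites ranked below a non-AEAD suite:", report["aead_below_non_aead"])
```

Feed it the suite list a scanner reports for the virtual server, in the server's preference order; an empty "cbc" list means no CBC suite is being offered.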