set-nsssl

1.3

Scoring an A+ for Netscaler from SSLLABS

A PowerShell script that enables TLS 1.2, disables SSLv2 and SSLv3, creates and binds Diffie-Hellman (DH) key, creates and binds "Strict Transport Security policy" and removes all other ciphers and binds cipher group mentioned in https://www.citrix.com/blogs/2015/05/22/scoring-an-a-at-ssllabs-com-with-citrix-netscaler-the-sequel/

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Script -Name set-nsssl

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deloy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Author(s)

@ryan_c_butler

Copyright

2016

Owners

Tags

Netscaler REST SSL A SSLLABS

Functions

Login Cipher get-ciphers CipherGroup CipherGroup-vpx get-vpnservers get-vservers get-csservers Logout set-cipher set-nscipher set-nsip set-sslprofilebind SaveConfig get-rewritepol EnableFeature SetupSTS set-lbpols set-cspols set-vpnpols checkvpx new-dhkey checkfordhkey set-sslparams enable-sslprof check-nsversion check-defaultprofile check-sslprofile new-sslprofile set-profilecipherbinding set-profilecipher

Dependencies

This script has no dependencies.

Release Notes

03-17-16: Added port 3008 and 3009 to managment ips
03-28-16: Rewrite to reflect PS best practice and managment IP ciphers
06-13-16: Adjusted to reflect https://www.citrix.com/blogs/2016/06/09/scoring-an-a-at-ssllabs-com-with-citrix-netscaler-2016-update/. Also removed management IPS from default.  (Tested with 11.0 65.31)
06-14-16: Now supports HTTPS
07-02-16: Added "nosave" paramenter
03-11-17: Default SSL profile additions for 11.1 and greater
06-02-17: Changes for default profile and add for policy priority argument.  Also added some error handling
08-27-17: Formatting for PS Gallery
01-27-18: Adjustment for default profile version https://support.citrix.com/article/CTX205291

Version History

Version Downloads Last updated
1.3 (current version) 123 1/27/2018