220.127.116.11. How to specify the encryption scheme of SSL communication (TLS1.2-AES-256-SHA256)
|Operation Confirmed Version:|
| ||Citrix Netscaler VPX Version11.0 Build67.12 Standard Edition
Method to change the encryption scheme of SSL communication will be introduced here.
If the encryption strength is weak, the communication cannot be concealed and has higher risk of interception or alteration. For communication, the same level of encryption has to be usable in the client (user) side.
Presumed case for sample setting
Select the Virtual Server to change the setting and click the [ Edit ] button.
The details screen of the Virtual Server will be displayed. Click the Edit icon in the [ SSL Ciphers ].
If items of SSL Ciphers are not displayed, select [ +SSL Ciphers ] from [ Advanced Settings ] in the right side of the screen.
Specify the following encryption scheme on the SSL Ciphers screen.
TLS1.2-AES-256-SHA256 (encryption scheme to specify)
Click the [ +Add ] button from the SSL Ciphers screen.
The List of Available Ciphers screen will be displayed. Select [ TLS1.2-AES-256-SHA256 ] from [ ALL ] and click the right triangle to move the target [ Cipher Suite ] to [ Configured ].
The specified encryption scheme is added to the right side. Delete [ DEFAULT ] that is already set, by clicking “-” mark.
As we want to use the specified encryption level [ TLS1.2-AES-256-SHA256 ] only, other items are removed from the Settings.
When addition in the right side of the screen is complete, click [ OK ].
It is also possible to select multiple encryption levels here. Multiple encryption levels can be enabled by adding encryption levels you want to use in the right side of the screen.
The details screen of the Virtual Server will be displayed. Check that [ TLS1.2-AES-256-SHA256 ] is displayed in [ Configured ] of [ SSL Ciphers ], and click [ Done ].
On the Virtual Server screen, check that the target [ State ] and the [ Effective State ] are [ Up ].
This completes the setting to specify the encryption scheme for SSL communication.
Connection check by Openssl
From the Virtual PC to the Virtual Server, execute the following command from Openssl.
openssl s_client -connect 192.168.200.200:443 -showcerts
It was confirmed that the connection is made by the specified encryption scheme.