11.2.4.17. How to specify the encryption scheme of SSL communication (TLS1.2-AES-256-SHA256)
Operation Confirmed Version: Citrix Netscaler VPX Version11.0 Build67.12 Standard Edition
This section introduces how to change the encryption scheme of SSL communication.
If the encryption strength is weak, the communication cannot be kept confidential and is at higher risk of interception or alteration. To communicate, the client (user) side must also be able to use the same level of encryption.
Presumed case for sample setting
Select the Virtual Server to change the setting and click the [ Edit ] button.
The details screen of the Virtual Server will be displayed. Click the Edit icon in the [ SSL Ciphers ].
Note
If the SSL Ciphers items are not displayed, select [ +SSL Ciphers ] from [ Advanced Settings ] on the right side of the screen.
Specify the following encryption scheme on the SSL Ciphers screen.

| Setting Items | Setting value |
|---|---|
| Configured | TLS1.2-AES-256-SHA256 (encryption scheme to specify) |

Click the [ +Add ] button from the SSL Ciphers screen.
The List of Available Ciphers screen will be displayed. Select [ TLS1.2-AES-256-SHA256 ] from [ ALL ] and click the right triangle to move the target [ Cipher Suite ] to [ Configured ].
The specified encryption scheme is added to the right side. Delete the [ DEFAULT ] entry that is already set by clicking the “-” mark.
Note
As we want to use only the specified encryption level [ TLS1.2-AES-256-SHA256 ], the other items are removed from the settings.
When the additions on the right side of the screen are complete, click [ OK ].
Note
It is also possible to select multiple encryption levels here. Multiple encryption levels can be enabled by adding the encryption levels you want to use to the right side of the screen.
The details screen of the Virtual Server will be displayed. Check that [ TLS1.2-AES-256-SHA256 ] is displayed in [ Configured ] of [ SSL Ciphers ], and click [ Done ].
On the Virtual Server screen, check that the target [ State ] and the [ Effective State ] are [ Up ].
This completes the setting to specify the encryption scheme for SSL communication.
Connection check by OpenSSL
From the Virtual PC, execute the following OpenSSL command against the Virtual Server.
openssl s_client -connect 192.168.200.200:443 -showcerts
It was confirmed that the connection is made with the specified encryption scheme.
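The connection check above can be turned into a repeatable pass/fail test by parsing the SSL-Session block that s_client prints. This is an added example, not part of the original page; it assumes the NetScaler cipher TLS1.2-AES-256-SHA256 is reported by OpenSSL as AES256-SHA256, and the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from `openssl s_client` output whether the session used
# exactly the protocol and cipher configured on the Virtual Server.
# Assumption: NetScaler's TLS1.2-AES-256-SHA256 is shown by OpenSSL as AES256-SHA256.
EXPECTED_PROTOCOL="TLSv1.2"
EXPECTED_CIPHER="AES256-SHA256"

# Constructed sample of s_client output (not captured from a real host).
SAMPLE_OUTPUT='New, TLSv1.2, Cipher is AES256-SHA256
Server public key is 2048 bit
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-SHA256
    Verify return code: 0 (ok)'

# Print the value of one "Name : value" field from the SSL-Session block on stdin.
session_field() {
    awk -v key="$1" '
        /^SSL-Session:/ { in_session = 1; next }
        in_session && $1 == key && $2 == ":" { print $3; exit }
    '
}

# Read s_client output on stdin; return 0 only when the negotiated protocol and
# cipher both match the expected values. A failed handshake (Cipher : 0000) or a
# fallback to another cipher therefore counts as a failure.
check_session() {
    output=$(cat)
    proto=$(printf '%s\n' "$output" | session_field Protocol)
    cipher=$(printf '%s\n' "$output" | session_field Cipher)
    echo "negotiated: ${proto:-none} / ${cipher:-none}"
    [ "$proto" = "$EXPECTED_PROTOCOL" ] && [ "$cipher" = "$EXPECTED_CIPHER" ]
}

# Live check against a Virtual Server, e.g.: check_live 192.168.200.200:443
check_live() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null | check_session
}
```

Run `check_live 192.168.200.200:443` after changing the SSL Ciphers setting; a non-zero exit status means the session was not established with the expected scheme.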