OpenSSL recently by an advisory two new themed along with an update on an earlier issue-less than two months disclosure the last release in early December. We want to assure our customers that NetScaler is not affected by these vulnerabilities.
CVE-2016-0701 allows man-in-the-middle attacks against a vulnerable client or server, the DH uses parameters based on uncertain primes the case with X9.42 style parameters such. OpenSSL 1.0.2 from - X9.42 support was recently added. NetScaler make use of X9.42 and is not affected.
CVE-2015-3197 is not an issue for the vast majority of NetScaler deployments. SSLv2 is not supported by NetScaler MPX FIPS. On all other platforms, the currently supported versions SSLv2 is disabled by default. However, if you are a customer who SSLv2 busy, we recommend it off and turn the switch to TLSv1.1 to a minimum.
When logjam (CVE-2015-4000) was first disclosed its NetScaler SSL implementation future proof when negotiating TLS connections 1024 bit DH parameters to use
. NetScaler has not adopted the update of OpenSSL to absorb 1024 bit DH parameters of the minimum to make permissible length.
0 Komentar