How does NetScaler help?
No need to freak out! NetScaler can block FREAK attacks by disabling export-grade RSA. By default, export-grade RSA is disabled in NetScaler, but if it has been explicitly configured, it can be removed using the following command:
set ssl vserver <vServer name> -eRSA DISABLED
For the management interface, export-grade RSA has to be removed manually using the following commands:
set ssl service nshttps-127.0.0.1-443 -eRSA DISABLED
“nshttps-127.0.0.1-443” is the internal service running for the NetScaler management interface.
set ssl service nshttps-::1l-443 -eRSA DISABLED
“nshttps-::1l-443” is the internal service running for the NetScaler management interface.
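To find which SSL virtual servers and services still have export-grade RSA switched on, a saved configuration can be scanned and the matching remediation commands generated. The script below is an added example, not Citrix code; it assumes the configuration records the setting in the same `set ssl vserver|service <name> -eRSA ENABLED|DISABLED` form as the commands above, and the sample lines and entity names (vs_web, vs_api, "vs portal") are constructed.

```python
import shlex

# Constructed sample of saved configuration lines (not from a real appliance).
SAMPLE_CONFIG = """\
set ssl vserver vs_web -eRSA ENABLED
set ssl vserver vs_api -eRSA DISABLED
set ssl vserver "vs portal" -tls1 ENABLED -eRSA ENABLED
set ssl service nshttps-127.0.0.1-443 -eRSA ENABLED
set ssl service nshttps-127.0.0.1-443 -eRSA DISABLED
set ssl service nshttps-::1l-443 -eRSA ENABLED
add lb vserver vs_web HTTP 10.0.0.10 80
"""

def ersa_state(config_text):
    """Return {(kind, name): state}, keeping the last -eRSA value seen per entity."""
    state = {}
    for line in config_text.splitlines():
        try:
            tokens = shlex.split(line)
        except ValueError:
            continue  # unbalanced quotes: skip the line rather than guess
        if len(tokens) < 4 or tokens[:2] != ["set", "ssl"]:
            continue
        kind, name, opts = tokens[2], tokens[3], tokens[4:]
        if kind not in ("vserver", "service"):
            continue
        lowered = [o.lower() for o in opts]
        if "-ersa" in lowered:
            idx = lowered.index("-ersa")
            if idx + 1 < len(opts):
                # A later line overrides an earlier one for the same entity.
                state[(kind, name)] = opts[idx + 1].upper()
    return state

def remediation_commands(config_text):
    """Build a disable command for every entity whose final state is ENABLED."""
    cmds = []
    for (kind, name), value in ersa_state(config_text).items():
        if value == "ENABLED":
            shown = f'"{name}"' if " " in name else name
            cmds.append(f"set ssl {kind} {shown} -eRSA DISABLED")
    return cmds

if __name__ == "__main__":
    for cmd in remediation_commands(SAMPLE_CONFIG):
        print(cmd)
```

Entities with no `-eRSA` line are not reported, since export-grade RSA is disabled by default.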
On the NetScaler SDX appliance, this issue was found with customers using the NetScaler Service Delivery Appliance Service VM (SVM) as a TLS client.
This vulnerability is fixed in the following versions of the NetScaler Service Delivery Appliance Service VM (SVM):
- Version 10.5 Build 57.7 and later
- Version 10.5.e Build 57.7005.e and later
- Version 10.1 Build 133.9 and later
To find out more information about the supported versions of NetScaler ADC and Gateway, please read the support article: http://support.citrix.com/article/CTX200491