NetScaler and OpenSSL

Many customers have asked me whether the OpenSSL vulnerabilities found over time also apply to Citrix NetScaler. Citrix article CTX227468 will help you answer this kind of question.

The quintessence is: yes, Citrix NetScaler uses different versions of OpenSSL (depending on the specific firmware version), but only to generate SSL private keys and certificate signing requests (CSRs). SSL-related services, e.g. SSL Offload and Gateway vServers, do NOT use OpenSSL. But keep in mind that this does NOT save Citrix NetScaler from vulnerabilities found in the SSL protocols themselves or their implementation. Think of “Heartbleed”, for example.

Hint: to get the OpenSSL version installed on “your” NetScaler, issue the following UNIX shell command:
“openssl version”
