Date: 2017-01-30

Yet another OpenSSL security advisory – released January 26, 2017 – has revealed four new issues ranging from moderate to low severity. We would like to reassure our customers that NetScaler is unaffected by these vulnerabilities.

CVE-2017-3731 – If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash.

NetScaler does not support CHACHA/POLY-based cipher suites, and does not carry the affected code relating to the insecure usage of RC4-MD5. Customers may also choose to disable the RC4-MD5 cipher suite on NetScaler as a recommended best practice.

If the IPMI/LOM port on your NetScaler hardware appliance is configured to connect to servers that may use RC4-MD5, please ensure that it is only configured to connect to trusted servers. To avoid exposure to this known vulnerability, the trusted server should not negotiate a connection using the insecure RC4-MD5 cipher suite.

Turn off RC4-MD5 on NetScaler

