Site icon BLOGS

Scoring an A+ at with Citrix NetScaler – Q2 2023 Update

marco hofmann by Marco Hofmann, CTA

In 2016 Ryan Butler created a PowerShell script to update a NetScaler configuration to score an A+ at the SSL Labs SSL test. I updated this script to score an A+ in 2023.


This blog post would not be possible without the groundwork from Ryan Butler and Carl Stalhood. Ryan created the initial script and Carl provided me with a current SSL cipher list for Q2 2023.

Updates and tests

Last year, I had a few new Citrix NetScaler Gateway VPX setups, and needed a fast way to get the SSL settings right. Most of the time I used the script by Ryan, but in the meantime it was outdated. I grabbed the script and the provided SSL cipher list by Carl and got a working copy that immediately scored an A+ at SSL Labs. Sadly, I did not take my time to create a pull request over at Ryan’s GitHub to give back. Today I took my time, to tidy up the code, thanks to the Visual Studio Code PowerShell formatter and write up the changelog.

I tested the latest version of the script against a NetScaler 13.1 VPX (NS13.1 without any issues. The instance was pre-configured with the previous version of the script. The previous script provided me a B at SSL Labs.

SSL Labs Before

After I let the latest version of the script optimize the VPX appliance, we are back to an A+. Example:

.\set-nsssl.ps1 -nsip "" -adminpassword "secret" -enablesslprof -nolb -nocsw -ciphergroupname "custom-ssllabs-cipher-2022" -sslprofile "custom-ssllabs-profile-2022" -nosave

SSL Labs After

The script

The latest version of the script that contains my Pull Request can be found over at Ryan’s GitHub.

Recent CUGC blogs:

Exit mobile version