Scenario: A Citrix Administrator configured the "-denySSLReneg" Parameter using the below command on NetScaler to enhance security. set ssl parameter denySSLReneg
Which two options can the administrator use to complete the command (Choose two.)
Scenario: A Citrix Administrator configured the "-denySSLReneg" Parameter using the below command on NetScaler to enhance security. set ssl parameter denySSLReneg
Which two options can the administrator use to complete the command (Choose two.)
To enhance security on a NetScaler appliance using the '-denySSLReneg' parameter, the options 'NONSECURE' and 'ALL' are the correct choices. 'NONSECURE' denies non-secure SSL renegotiation, addressing a particular vulnerability, while 'ALL' denies secure and non-secure SSL renegotiation initiated by the client, server, or the appliance itself. These options enhance the security posture by mitigating potential SSL renegotiation vulnerabilities.
NO: Full SSL renegotiation is allowed. - So this is not secure? FRONTEND_CLIENT: Deny secure and non-secure SSL renegotiation initiated by the client. FRONTEND_CLIENTSERVER: Deny secure and non-secure SSL renegotiation initiated by the client and by the NetScaler appliance during policy-based clientAuth. ALL: Deny secure and non-secure SSL renegotiation for the preceding two cases and for server initiated renegotiation. NONSECURE: Deny non-secure SSL renegotiation to address the vulnerability described in RFC 5746.