A Citrix Architect needs to enable the security of the Virtual Delivery Agent (VDA) by evaluating the `˜Enable-VdaSSL.ps1 -Enable' script.
Which supported SSL protocol version is least secure when using the default settings of the script?
A Citrix Architect needs to enable the security of the Virtual Delivery Agent (VDA) by evaluating the `˜Enable-VdaSSL.ps1 -Enable' script.
Which supported SSL protocol version is least secure when using the default settings of the script?
The default settings of the Enable-VdaSSL.ps1 script specify TLS 1.0 as the minimum SSL protocol version. This default protocol version is considered less secure compared to newer versions, such as TLS 1.1 and TLS 1.2. Therefore, the least secure supported SSL protocol version when using the default settings of the script is TLS 1.0.
A is correct https://support.citrix.com/article/CTX220062 said Enable-VdaSSL {-Enable | -Disable} [–SSLPort <port>] [-SSLMinVersion “<min-ssl-version>”] [-SSLCipherSuite“<suite>”] [-CertificateThumbPrint “<thumbprint>”] and -SSLMinVersion “<min-ssl-version>” Minimum SSL protocol version, enclosed in quotation marks. Valid values: "SSL_3.0", "TLS_1.0", "TLS_1.1", and "TLS_1.2". Default: "TLS_1.0"
Keyword: "default settings of the script"
I read over "default". A is correct! Sorry!
correct answer should be A . default setting is TLS 1.0
I also would say A, the question states "using the default settings of the script". The Default is TLS1.0
The minimum ssl protocol version is ssl_v3 and will be enabled if nothing else is submitted
Agreed with @bonepin Enable-VDASSL --SSLMinVersion “<min-ssl-version>” From https://support.citrix.com/article/CTX220062 Minimum SSL protocol version, enclosed in quotation marks. Valid values: "SSL_3.0", "TLS_1.0", "TLS_1.1", and "TLS_1.2". Default: "TLS_1.0"
The answer is B is correct: https://support.citrix.com/article/CTX220062 Which versions of the SSL protocol to allow. The supported SSL protocol versions follow a hierarchy (lowest to highest): SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2. You specify the minimum allowed version; all protocol connections using that version or a higher version are allowed. If you want to change the default settings (optional), use the following in the same registry path: SSLPort DWORD – SSL port number. Default: 443. SSLMinVersion DWORD – 1 = SSL 3.0, 2 = TLS 1.0, 3 = TLS 1.1, 4 = TLS 1.2. Default: 2 (TLS 1.0). SSLCipherSuite DWORD – 1 = GOV, 2 = COM, 3 = ALL. Default: 3 (ALL).
Correct. Don't get caught up on "default settings". The article says "You specify the minimum allowed version [in the script]."
WAIT! I was wrong. The question is asking what the default setting will be. SSLMinVersion DWORD – 1 = SSL 3.0, 2 = TLS 1.0, 3 = TLS 1.1, 4 = TLS 1.2. Default: 2 (TLS 1.0). Default is TLS 1.0!!
Link is correct but answer is wrong. Magic keyword is "default" and the table shows: Minimum TLS protocol version, enclosed in quotation marks. Valid values: “SSL_3.0”, “TLS_1.0” (default), “TLS_1.1”, and “TLS_1.2”.
https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/secure/tls.htm According to this link above and in the table, it has (Default) right after TLS 1.0 Based on that I vote A Minimum TLS protocol version, enclosed in quotation marks. Valid values: “SSL_3.0”, “TLS_1.0” (default), “TLS_1.1”, and “TLS_1.2”. Important: Citrix recommends that customers review their usage of SSLv3 and take steps to reconfigure their deployments to remove support for SSLv3 where appropriate. See CTX200238.
A is right
https://support.citrix.com/article/CTX220062 Minimum SSL protocol version, enclosed in quotation marks. Valid values: "SSL_3.0", "TLS_1.0", "TLS_1.1", and "TLS_1.2". Default: "TLS_1.0"
I think that the key here is "when using the default settings of the script", so I go with TLS 1.0, so A.
A is correct. Defaults setting is TLS 1.0 (Script -> .PARAMETER SSLMinVersion Specifies the minimum SSL version (allowed values are SSL_3.0, TLS_1.0, TLS_1.1 and TLS_1.2). Default is TLS_1.0. )
B is correct!
no way: https://support.citrix.com/article/CTX220062 said Enable-VdaSSL {-Enable | -Disable} [–SSLPort <port>] [-SSLMinVersion “<min-ssl-version>”] [-SSLCipherSuite“<suite>”] [-CertificateThumbPrint “<thumbprint>”] and -SSLMinVersion “<min-ssl-version>” Minimum SSL protocol version, enclosed in quotation marks. Valid values: "SSL_3.0", "TLS_1.0", "TLS_1.1", and "TLS_1.2". Default: "TLS_1.0" A is correct
Which versions of the SSL protocol to allow. The supported SSL protocol versions follow a hierarchy (lowest to highest): SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2. You specify the minimum allowed version; all protocol connections using that version or a higher version are allowed. For example, if you specify TLS 1.1 as the minimum version, then TLS 1.1 and TLS 1.2 protocol connections are allowed. If you specify SSL 3.0 as the minimum version, then connections for all the supported versions are allowed. If you specify TLS 1.2 as the minimum version, only TLS 1.2 connections are allowed. B should be the answer.
default param of any ps1 is that may be omitted at ps1 invoke, in our case for Enable-VdaSSL.ps1 if there is no any -SSLMinVersion option we goes with default ie tls 1.0
Yes, B. B1lly's referenced article states: "If you specify SSL 3.0 as the minimum version, then connections for all the supported versions are allowed."