Scoring an A+ at with Citrix NetScaler – Q2 2023 update

In 2016 Ryan Butler created a PowerShell script to update a NetScaler configuration to score an A+ at the SSL Labs SSL test. I updated this script to score an A+ in 2023.

SSL Labs after


This blog post would not be possible without the groundwork from Ryan Butler and Carl Stalhood. Ryan created the initial script and Carl provided me with a current SSL cipher list for Q2 2023.

Updates and tests

Last year, I had a few new Citrix NetScaler Gateway VPX setups, and needed a fast way to get the SSL settings right. Most of the time I used the script by Ryan, but in the meantime it was outdated. I grabbed the script and the provided SSL cipher list by Carl and got a working copy that immediately scored an A+ at SSL Labs. Sadly, I did not take my time to create a pull request over at Ryan’s GitHub to give back. Today I took my time, to tidy up the code, thanks to the Visual Studio Code PowerShell formatter and write up the changelog.

I tested the latest version of the script against a NetScaler 13.1 VPX (NS13.1 without any issues. The instance was pre-configured with the previous version of the script. The previous script provided me a B at SSL Labs.

SSL Labs before
SSL Labs before

After I let the latest version of the script optimize the VPX appliance, we are back to an A+. Example:

.\set-nsssl.ps1 -nsip "" -adminpassword "secret" -enablesslprof -nolb -nocsw -ciphergroupname "custom-ssllabs-cipher-2022" -sslprofile "custom-ssllabs-profile-2022" -nosave

SSL Labs after
SSL Labs after

The script

The latest version of the script that contains my Pull Request can be found over at Ryan’s GitHub and embedded here:

Error, script can't be fetched from GitHub.

Author: Marco

Marco is an IT-System administrator and IT-Consultant with 10+ years experience. He is specialized in the delivery of virtual Apps and Desktops with Citrix solutions. In 2017 he has been awarded Citrix Technology Advocate by Citrix for his community work (#CTA). His second core area is availability & performance monitoring with Zabbix, a leading open-source solution. His employer is the German IT-Company ANAXCO, which is developing a Transport Management Software (TMS) based on Microsoft Dynamics AX. More about Marco

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.