A+ SSL rating analytics

An application must use secure ciphers and protocols for SSL transactions. Otherwise, it can impact the privacy, data integrity, and security of the users accessing the application. Citrix ADM reviews the application’s virtual server SSL settings with the ADC secure front-end profile. The settings required for an A+ rating is preloaded into the secure front-end profile.

As an application owner, you can assess whether your application has an A+ rating. You can also view the protocol and cipher suite scores of an application. If your application has no A+ rating, you can upgrade to A+ rating.

To view the application’s SSL rating, do the following:

  1. Go to Applications > Dashboard.

  2. Filter applications based on their SSL ratings.

    Filter applications by SSL ratings

    If an application has no rating, it is categorized under NA.

  3. Select the required application grid from the GUI.

  4. Select the SSL tab. This tab displays the SSL rating of the application.

    SSL rating

The SSL tab provides one of the following options to change or upgrade your application’s rating:

Upgrade to A+ SSL rating

When you upgrade an application to A+ SSL rating, the following changes occur depending on the state of a default SSL profile on an ADC instance:

  • If the default SSL profile is disabled, ADM modifies to the recommended SSL settings on the SSL virtual server.

  • If the default SSL profile is enabled, ADM creates a new SSL profile with the recommended A+ settings based on a secure profile.

The application without A+ rating displays the details affected virtual servers in the SSL tab.

Not A plus

In App Details, you can review the virtual server details whose configuration is not compliant with the secure front-end profile. Also, it displays the remediation measures in the Recommendation column. These measures are given to make your application compliant with the secure front-end profile.

In this example, the virtual server has a few security issues. Protocol TLSv1.0 enabled is one of such issues. The App Details section recommends an appropriate action to solve this issue. To solve all such issues with the respective recommendations, do the following:

  1. Click Upgrade to A+ rating.

    Confirm A+ upgrade

    The confirmation message displays the commands that run on a virtual server. These commands might affect your application traffic.

  2. Review the commands and click Confirm.

Roll back SSL rating

After you upgrade the application to A+ rating, you can analyze the incoming traffic in SSL insight. This page displays the ciphers and protocols on which SSL transactions are negotiated.

However, if you observe some legitimate traffic are dropped, you can roll back the secure front-end profile configured on your application. This action changes the SSL rating to the earlier rating.

Rollback SSL rating

To roll back an SSL rating, do the following:

  1. Click Rollback.

    Confirmation message rollback

    The confirmation message displays the commands that run on a virtual server.

  2. Review the commands and click Confirm.

Determine the impact of SSL-rating on the application traffic

The application traffic might be affected when you upgrade the SSL-rating. In SSL Metrics, you can observe whether connections are dropped after the upgrade. With this information, you can decide to continue or roll back the SSL rating.

In the following example graph, some connections are dropped after upgrading the SSL-rating to A+.

SSL metrics

A+ SSL rating analytics