Product Documentation

Cipher/Protocol Support Matrix on the NetScaler Appliance

Mar 21, 2016

From release 10.5 build 56.22, NetScaler MPX appliances support full hardware optimization for all ciphers. In earlier releases, part of ECDHE/DHE cipher optimization was done in software.

Note: Hardware optimization is not supported for ciphers that are specific to the NetScaler VPX appliance. On the SDX platform, if you do not assign an SSL chip to an instance, optimization is done by software.

The following tables list the support for different ciphers on SSL entities, such as virtual server, front-end, back-end, and internal services. Use the 'show hardware' command to identify whether your appliance has N3 chips.

Example 複製

> sh hardware

Platform: NSMPX-22000 16*CPU+24*IX+12*E1K+2*E1K+4*CVM N3 2200100

Manufactured on: 8/19/2013

CPU: 2900MHZ

Host Id: 1006665862

Serial no: ENUK6298FT

Encoded serial no: ENUK6298FT

Done

Table1: Support on Virtual Server/Frontend Service/Internal Service

 

MPX/SDX (N2)

MPX/SDX (N3)

VPX

FIPS

FIPS with firmware 2.2

TLS 1.1/1.2

10.0 

10.0 

10.5-57.x

 Not supported

10.5 58.1108.e

ECDHE/DHE

10.5-53.x

10.1-124.x

10.5 GA

 Not supported

 Not supported

AES-GCM

10.5-53.x

10.5-53.x

11.0-65.x

 Not supported

 Not supported

SHA-2

10.5-53.x

10.5-53.x

11.0-65.x

 Not supported

 Not supported

注意

  1. TLS-Fallback_SCSV cipher suite is supported on all appliances from release 10.5 build 57.x
  2. HTTP Strict Transport Security (HSTS) support is policy-based.

Table 2: Support on Backend Services

 

MPX/SDX (N2)

MPX/SDX (N3)

VPX

FIPS

FIPS with firmware 2.2

TLS 1.1/1.2

10.5-59.x/11.0-50.x

10.5-59.x /11.0-50.x

11.0-65.x

 Not supported

10.5 58.1108.e

ECDHE/DHE

10.5-58.x/11.0-50.x

10.5-58.x/11.0-50.x

Not supported

 Not supported

 Not supported

AES-GCM

Not supported

Not supported

Not supported

 Not supported

 Not supported

SHA-2

Not supported

Not supported

Not supported

 Not supported

 Not supported