A+ SSL rating analytics
An application must use secure ciphers and protocols for SSL transactions. Otherwise, it can impact the privacy, data integrity, and security of the users accessing the application. NetScaler ADM reviews the application’s virtual server SSL settings with the ADC secure front-end profile. The settings required for an A+ rating is preloaded into the secure front-end profile.
As an application owner, you can assess whether your application has anA+rating. You can also view the protocol and cipher suite scores of an application. If your application has noA+rating, you canupgrade toA+rating.
To view the application’s SSL rating, do the following:
Go toApplications > Dashboard.
Filter applications based on their SSL ratings.
If an application has no rating, it is categorized underNA.
Select the required application grid from the GUI.
Select theSSLtab. This tab displays the SSL rating of the application.
TheSSL选项卡提供以下选项之一张e or upgrade your application’s rating:
Upgrade to A+ SSL rating
When you upgrade an application to A+ SSL rating, the following changes occur depending on the state of a default SSL profile on an ADC instance:
If the default SSL profile is disabled, NetScaler ADM modifies to the recommended SSL settings on the SSL virtual server.
If the default SSL profile is enabled, NetScaler ADM creates a new SSL profile with the recommended A+ settings based on a secure profile.
The application withoutA+rating displays the details affected virtual servers in theSSLtab.
InApp Details, you can review the virtual server details whose configuration is not compliant with the secure front-end profile. Also, it displays the remediation measures in theRecommendationcolumn. These measures are given to make your application compliant with the secure front-end profile.
在这个例子中,有几个secu虚拟服务器rity issues.Protocol TLSv1.0 enabledis one of such issues. TheApp Detailssection recommends an appropriate action to solve this issue. To solve all such issues with the respective recommendations, do the following:
ClickUpgrade to A+ rating.
The confirmation message displays the commands that run on a virtual server. These commands might affect your application traffic.
Review the commands and clickConfirm.
Roll back SSL rating
After you upgrade the application to A+ rating, you can analyze the incoming traffic inSSL insight. This page displays the ciphers and protocols on which SSL transactions are negotiated.
However, if you observe some legitimate traffic are dropped, you can roll back the secure front-end profile configured on your application. This action changes the SSL rating to the earlier rating.
To roll back an SSL rating, do the following:
ClickRollback.
The confirmation message displays the commands that run on a virtual server.
Review the commands and clickConfirm.
Determine the impact of SSL-rating on the application traffic
The application traffic might be affected when you upgrade the SSL-rating. InSSL Metrics, you can observe whether connections are dropped after the upgrade. With this information, you can decide to continue or roll back the SSL rating.
In the following example graph, some connections are dropped after upgrading the SSL-rating toA+.
