Security has been top of mind for everyone in the last year. The most secure communication layer on the web (SSL/TLS) was torn apart by security researchers, and we figured out that most of what we were using was not as secure as it sounded. TLS 1.1 and 1.2 became the need of the hour, and NetScaler quickly responded by implementing support in MPX appliances. Now the NetScaler MPX-FIPS platform also becomes stronger with support for the TLS 1.1 and 1.2 protocols. MPX-FIPS platforms are used in sensitive deployments where data security is critical, and all such deployments can now take advantage of the new support.

The rule is simple! Data confidentiality depends directly on the strength of the protocol and cipher used.

When I saw the 2014 biopic The Imitation Game, which is set in World War II, I was astonished to see how Alan Turing successfully broke the super strong ciphers created by the Enigma machine, which the Nazis used to secure their wireless messages. His efforts were helpful in saving thousands of lives around the world.

In the modern context, sensitive data, from credit card numbers to patient health information to social networking details, needs protection when transmitted across an insecure network. Data held by defence and federal agencies is considered even more sensitive, and thus they need stronger cryptographic infrastructure. The National Institute of Standards and Technology (NIST) mandates that such agencies comply with the Federal Information Processing Standard (FIPS) to meet their strict security requirements.

What is FIPS 140-2?

FIPS Publication 140-2 is a U.S. government computer security standard used to accredit cryptographic modules. NIST issued the FIPS 140 Publication Series to coordinate the requirements and standards for cryptographic modules, including both hardware and software.

Citrix NetScaler also comes in a FIPS variant that complies with FIPS 140-2 Level 2. It provides organizations with additional security by protecting cryptographic keys against unauthorized access; misappropriated keys could result in a data security breach.

NetScaler FIPS appliances are available in four form factors with a Pay-as-You-Grow model: MPX 9700, 10500, 12500 and 15500.

Why TLS 1.2?

SSL 3.0 and TLS 1.0 both have vulnerabilities in their implementation. These vulnerabilities were exposed by various attacks like POODLE and BEAST. SSL 3.0 is becoming obsolete, and TLS 1.0 is not secure enough considering the advances in processing and computing power. Even large ciphers that were practically impossible to break earlier can now be broken.

The security issues with SSL 3.0 and TLS 1.0 are addressed by TLS 1.1 and TLS 1.2. NIST recommends that government servers and clients move to TLS 1.1 and 1.2.

The government is taking proactive steps on data security, and NIST has asked federal agencies to move to TLS 1.2 before Oct 1, 2015.

What is the fuss about?

NetScaler FIPS appliances support the TLS 1.1 and TLS 1.2 protocols starting with 10.5.e MR build 55.8007.e, released in Q2 2015. This allows the product to comply with the NIST mandate for federal agencies to use TLS 1.2 from October 2015 and enables NetScaler to be successfully deployed in government organizations. Already deployed NetScaler FIPS appliances should be upgraded to this build or later to support TLS 1.2 and continue NetScaler's glorious run in the government sector.

As always, NetScaler evolves and keeps its customers in a win-win situation. So beat the trepidation, uncertainty and dilemma, and start using TLS 1.1/1.2 with NetScaler FIPS appliances.

Important details once more –

TLS 1.1 and TLS 1.2 support on NetScaler FIPS appliances.

Build – 10.5 55.8007.e

