Citrix did release a new NetScaler Release/Firmware in December 2017 with Support for a subset of the ChaCha20 Ciphers, so that means I had to update my Cipher Lists. The NetScaler Firmware starting to support ChaCha20 is 12.0-56.20 and this time the ChaCha20 Ciphers are only supported on VPX Appliances. Let's hope that Citrix will add MPX Support and the Rest of the ChaCha20 Ciphers in a subsequent NetScaler Release.
So here are the updated Cipher Groups:
- Modern Compatibility:
- Intermediate Compatibility:
Currently the Intermediate Cipher Group is still vulnerable to the ROBOT Attack because of the Ciphers starting with TLS_RSA. I suggest using the Modern Compatibility Cipher Group to remediate against the ROBOT Attack.