• Forums
    • Public Forums
      • Community Connect
      • Dynatrace
        • Dynatrace Open Q&A
      • Application Monitoring & UEM
        • AppMon & UEM Open Q&A
      • Network Application Monitoring
        • NAM Open Q&A
        • Enterprise Synthetic Monitoring
      • Synthetic Classic
        • Synthetic Classic Open Q&A
  • Home /
  • Public Forums /
  • Network Application Monitoring /
  • NAM Open Q&A /
avatar image
Question by Thomas H. · Nov 12, 2014 at 02:21 PM ·

Encryption detection - Doodle

One of our customers ask if we can detect what encryption that have been used (SSL3/TLS1.0/TLS1.1 etc)

They would like to see this because of the POODLE SSLv3 Vulnerability and be able to report on it.

 

/Thomas

Comment

People who like this

0 Show 0
10 |2000000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 52.4 MB each and 262.1 MB total.

4 Replies

  • Sort: 
  • Most voted
  • Newest
  • Oldest
avatar image

Answer by Thomas H. · Nov 14, 2014 at 01:26 AM

Thanks Adam, that was exactly what they where looking for

/Thomas

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 52.4 MB each and 262.1 MB total.

avatar image

Answer by Ulf T. · Nov 12, 2014 at 10:33 PM

Is there a way to see what IP is realted to what SSL?

I think what Thomas is fishing for is a list of all IP addresses that use SSL3.

Comment

People who like this

0 Show 1 · Share
10 |2000000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 52.4 MB each and 262.1 MB total.

avatar image Adam P. &. · Nov 13, 2014 at 01:07 AM 0
Share

Yes, using:

SHOW SSLDECR STATUS *

command it prints out SSL stats (that mentioned SSL protocol version breakdown per number of sessions is a part of) for each monitored SSL server.

avatar image

Answer by Adam P. · Nov 12, 2014 at 10:22 PM

Thomas,

Use rcmd show ssldecr status command, the usage is:

SHOW SSLDECR STATUS HELP - display this help message
SHOW SSLDECR STATUS - show aggregated information about SSL decryption status
SHOW SSLDECR STATUS * - show general information about SSL decryption status for all servers
SHOW SSLDECR STATUS ip_addr - show general information about SSL decryption status filtered by IP address
SHOW SSLDECR STATUS ip_addr port - show general information about SSL decryption status for one IP address and port number

The output should be simialr to:

SSL protocol version breakdown per number of sessions:
supported versions: ssl3.0=1003270 tls1.0=1351368 tls1.1=9287 tls1.2=39268
unsupported versions: ssl2.0=34 other versions=0 no version info=2490279

Comment

People who like this

0 Show 1 · Share
10 |2000000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 52.4 MB each and 262.1 MB total.

avatar image Adam P. &. · Nov 13, 2014 at 01:08 AM 0
Share

Thomas,

If you would need help parsing the output of:

SHOW SSLDECR STATUS *

command, please let us know.

avatar image

Answer by Ulf T. · Nov 12, 2014 at 03:13 PM

Hi Thomas

As i know, there are no automatic way of getting insight into what version of SSL is being used.

However - RCON there is a number of things you could pursue, such as turning on the logging of all SSL SHOW SSLDECR LOGLEVEL

I don't have a SSL log at hand so I'm not 100% sure of what will be listed in there but it's a start. There are also some other things you could look into by using the fantastic RCON GUI (tongue) SSL-Related rcon Commands 

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 52.4 MB each and 262.1 MB total.

Welcome to the
Dynatrace Community Forums

Check out the Community User Guide and First steps in the forum to learn how to get started.

Community Member of the Month
December 2019

Announcing Dynatrace's Community Member of the Month for December 2019, Enrico F.! Click here to read more!

Employee Member of the Month
December 2019

Announcing Dynatrace's Employee Member of the Month for December 2019, Silvia M.! Click here to read more!

Live webinar: Ensuring Digital Business Availability with Dynatrace

Learn how Dynatrace Real User Monitoring automatically detects errors that impact your end users caused by erroneous 3rd party or CDNs.
December 12, 4:00 pm CET / 10:00 am ET
Register here

Live webinar: Ensuring Digital Business Availability with Dynatrace

Learn how Dynatrace Real User Monitoring automatically detects errors that impact your end users caused by erroneous 3rd party or CDNs.
December 12, 4:00 pm CET / 10:00 am ET
Register here

Live webinar: Ensuring Digital Business Availability with Dynatrace

Learn how Dynatrace Real User Monitoring automatically detects errors that impact your end users caused by erroneous 3rd party or CDNs.
December 12, 4:00 pm CET / 10:00 am ET
Register here

Live webinar: Ensuring Digital Business Availability with Dynatrace

Learn how Dynatrace Real User Monitoring automatically detects errors that impact your end users caused by erroneous 3rd party or CDNs.
December 12, 4:00 pm CET / 10:00 am ET
Register here

Follow this Question

Answers Answers and Comments

2 People are following this question.

avatar image avatar image

Forum Tags

esm security siebel license nam probe wan citrix dna rest api configuration mq alerting NAM 2018 dashboard dcrumadvisory reports css nam universal decode mobileapp RUM ads sap nam console scripting nam server sequence transactions upgrade nam 2019
  • Forums
  • Public Forums
    • Community Connect
    • Dynatrace
      • Dynatrace Open Q&A
    • Application Monitoring & UEM
      • AppMon & UEM Open Q&A
    • Network Application Monitoring
      • NAM Open Q&A
      • Enterprise Synthetic Monitoring
    • Synthetic Classic
      • Synthetic Classic Open Q&A