• Forums
    • Public Forums
      • Community Connect
      • Dynatrace
        • Dynatrace Open Q&A
      • Application Monitoring & UEM
        • AppMon & UEM Open Q&A
      • Network Application Monitoring
        • NAM Open Q&A
  • Home /
  • Public Forums /
  • Network Application Monitoring /
  • NAM Open Q&A /
avatar image
Question by Thomas H. · Nov 12, 2014 at 02:21 PM ·

Encryption detection - Doodle

One of our customers ask if we can detect what encryption that have been used (SSL3/TLS1.0/TLS1.1 etc)

They would like to see this because of the POODLE SSLv3 Vulnerability and be able to report on it.

 

/Thomas

Comment

People who like this

0 Show 0
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

4 Replies

  • Sort: 
  • Most voted
  • Newest
  • Oldest
avatar image

Answer by Thomas H. · Nov 14, 2014 at 01:26 AM

Thanks Adam, that was exactly what they where looking for

/Thomas

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image

Answer by Ulf T. · Nov 12, 2014 at 10:33 PM

Is there a way to see what IP is realted to what SSL?

I think what Thomas is fishing for is a list of all IP addresses that use SSL3.

Comment

People who like this

0 Show 1 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image Adam P. ♦♦ · Nov 13, 2014 at 01:07 AM 0
Share

Yes, using:

SHOW SSLDECR STATUS *

command it prints out SSL stats (that mentioned SSL protocol version breakdown per number of sessions is a part of) for each monitored SSL server.

avatar image

Answer by Adam P. · Nov 12, 2014 at 10:22 PM

Thomas,

Use rcmd show ssldecr status command, the usage is:

SHOW SSLDECR STATUS HELP - display this help message
SHOW SSLDECR STATUS - show aggregated information about SSL decryption status
SHOW SSLDECR STATUS * - show general information about SSL decryption status for all servers
SHOW SSLDECR STATUS ip_addr - show general information about SSL decryption status filtered by IP address
SHOW SSLDECR STATUS ip_addr port - show general information about SSL decryption status for one IP address and port number

The output should be simialr to:

SSL protocol version breakdown per number of sessions:
supported versions: ssl3.0=1003270 tls1.0=1351368 tls1.1=9287 tls1.2=39268
unsupported versions: ssl2.0=34 other versions=0 no version info=2490279

Comment

People who like this

0 Show 1 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image Adam P. ♦♦ · Nov 13, 2014 at 01:08 AM 0
Share

Thomas,

If you would need help parsing the output of:

SHOW SSLDECR STATUS *

command, please let us know.

avatar image

Answer by Ulf T. · Nov 12, 2014 at 03:13 PM

Hi Thomas

As i know, there are no automatic way of getting insight into what version of SSL is being used.

However - RCON there is a number of things you could pursue, such as turning on the logging of all SSL SHOW SSLDECR LOGLEVEL

I don't have a SSL log at hand so I'm not 100% sure of what will be listed in there but it's a start. There are also some other things you could look into by using the fantastic RCON GUI (tongue) SSL-Related rcon Commands 

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

How to get started

First steps in the forum
Read Community User Guide
Best practices of using forum

NAM 2019 SP5 is available


Check the RHEL support added in the latest NAM service pack.

Learn more

LIVE WEBINAR

"Performance Clinic - Monitoring as a Self Service with Dynatrace"


JANUARY 15, 3:00 PM GMT / 10:00 AM ET

Register here

Follow this Question

Answers Answers and Comments

2 People are following this question.

avatar image avatar image

Forum Tags

esm siebel Dynatrace Managed license nam probe wan citrix dna rest api configuration mq alerting NAM 2018 dashboard dcrumadvisory reports css nam universal decode database mobileapp RUM ads sap nam console scripting nam server sequence transactions nam 2019 upgrade
  • Forums
  • Public Forums
    • Community Connect
    • Dynatrace
      • Dynatrace Open Q&A
    • Application Monitoring & UEM
      • AppMon & UEM Open Q&A
    • Network Application Monitoring
      • NAM Open Q&A