Question & Answer
Question
How to determine the SSL version of an HTTPS hit
Answer
Contents
Question
How can the SSL version (i.e. TLS 1.2. 3.0 etc.) or cipher version of an HTTP request be tracked?
Answer
Question
How can the SSL version (i.e. TLS 1.2. 3.0 etc.) or cipher version of an HTTP request be tracked?
Answer
Tealeaf HTTPS hits are tagged in the request as in this example:
?????? CIPHER_SUITE=TLS_RSA_WITH_AES_256_CBC_SHA
Each cipher is associated with a TLS version which you can look up here:
???? https://www.openssl.org/docs/apps/ciphers.html
The above example is from the TLS v1.0 cipher suite
while TLS_RSA_WITH_AES_256_CBC_SHA256 is in TLS v 1.2.
You might report on these cyphers directly populate them into a dimension
or possibly use an advanced event to decode the TLS version to make reporting easier.
?????? CIPHER_SUITE=TLS_RSA_WITH_AES_256_CBC_SHA
Each cipher is associated with a TLS version which you can look up here:
???? https://www.openssl.org/docs/apps/ciphers.html
The above example is from the TLS v1.0 cipher suite
while TLS_RSA_WITH_AES_256_CBC_SHA256 is in TLS v 1.2.
You might report on these cyphers directly populate them into a dimension
or possibly use an advanced event to decode the TLS version to make reporting easier.
Note that in PCA versions 3620 and earlier
the "prefix" portion of the cipher string was not written so for example:
????????????? RSA_WITH_RC4_128_SHA
...is a part (and not the full name) of several ciphers:
?? ?SSL v3.0 cipher suites:???? SSL_RSA_WITH_RC4_128_SHA
?? ?TLS v1.0 cipher suites:???? TLS_RSA_WITH_RC4_128_SHA
To provide for the full cipher name including the SSL protocol identifier
PCA version 3650 or later is required. The prefix is of the format:
SSL3_ = SSLv3
TLS1_ = TLSv1.0
TLS11_ = TLSv1.1
TLS12_ = TLSv1.2
Additionally the PCA stats include these overall counts:
Total TLS1.1 sessions
Total TLS1.1 sessions decrypted
Total TLS1.2 sessions
Total TLS1.2 sessions decrypted
Those are also available as per-minute stats in the statistics log file.
Lastly it may be possible to add additional information in the PCA via a custom modification.
If you are interested in that possibility it's best to work through the professional services group.
Article Reference
Applies to version(s):? 8.x+
"
[{"Business Unit":{"code":"BU055","label":"Cognitive Applications"},"Product":{"code":"SSERNK","label":"Tealeaf Customer Experience"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"","label":""}}]
Was this topic helpful?
Document Information
Modified date:
08 December 2018
UID
ibm10777815