Encryption detection - Doodle

thomas_henmar1
Inactive

One of our customers asks if we can detect which encryption has been used (SSL3/TLS1.0/TLS1.1 etc.)

They would like to see this because of the POODLE SSLv3 Vulnerability and be able to report on it.

 

/Thomas

6 REPLIES

ulf_thorn222
Inactive

Hi Thomas

As far as I know, there is no automatic way of getting insight into what version of SSL is being used.

However, in RCON there are a number of things you could pursue, such as turning on the logging of all SSL: SHOW SSLDECR LOGLEVEL

I don't have an SSL log at hand so I'm not 100% sure of what will be listed in there, but it's a start. There are also some other things you could look into by using the fantastic RCON GUI (tongue): SSL-Related rcon Commands

adam_piotrowicz
Dynatrace Pro

Thomas,

Use the rcmd show ssldecr status command; the usage is:

SHOW SSLDECR STATUS HELP - display this help message
SHOW SSLDECR STATUS - show aggregated information about SSL decryption status
SHOW SSLDECR STATUS * - show general information about SSL decryption status for all servers
SHOW SSLDECR STATUS ip_addr - show general information about SSL decryption status filtered by IP address
SHOW SSLDECR STATUS ip_addr port - show general information about SSL decryption status for one IP address and port number

The output should be similar to:

SSL protocol version breakdown per number of sessions:
supported versions: ssl3.0=1003270 tls1.0=1351368 tls1.1=9287 tls1.2=39268
unsupported versions: ssl2.0=34 other versions=0 no version info=2490279

Thomas,

If you would need help parsing the output of:

SHOW SSLDECR STATUS *

command, please let us know.

ulf_thorn222
Inactive

Is there a way to see what IP is related to what SSL?

I think what Thomas is fishing for is a list of all IP addresses that use SSL3.

Yes, using:

SHOW SSLDECR STATUS *

command, it prints out SSL stats (which the mentioned SSL protocol version breakdown per number of sessions is a part of) for each monitored SSL server.

thomas_henmar1
Inactive

Thanks Adam, that was exactly what they were looking for.

/Thomas
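
For reporting on the SSL protocol version breakdown quoted in the thread, here is an added Python example (not part of the thread and not Dynatrace's own tooling) that parses the two "versions:" lines and counts SSL 2.0/3.0 sessions. It assumes the line format is exactly as quoted above; the per-server layout of SHOW SSLDECR STATUS * is not shown in the thread, so repeated breakdown lines are simply summed, and the function names and the LEGACY list are this example's own.

```python
import re

# Sample input: the output lines quoted in the thread above.
SAMPLE = """\
SSL protocol version breakdown per number of sessions:
supported versions: ssl3.0=1003270 tls1.0=1351368 tls1.1=9287 tls1.2=39268
unsupported versions: ssl2.0=34 other versions=0 no version info=2490279
"""

# Anchored at line start so "unsupported" is never read as "supported".
LINE_RE = re.compile(r"^\s*(supported|unsupported) versions:\s*(.*)$", re.M)
# Labels may contain spaces ("no version info"), so match lazily up to '='.
PAIR_RE = re.compile(r"([A-Za-z][A-Za-z0-9. ]*?)=(\d+)")
# Assumption of this example: labels to report as legacy protocols.
LEGACY = ("ssl2.0", "ssl3.0")


def parse_breakdown(text):
    """Return {label: session_count}, summed over all breakdown lines."""
    counts = {}
    for _, body in LINE_RE.findall(text):
        for label, value in PAIR_RE.findall(body):
            key = label.strip()
            counts[key] = counts.get(key, 0) + int(value)
    return counts


def legacy_report(text):
    """Summarise legacy-protocol sessions against sessions with a known version."""
    counts = parse_breakdown(text)
    if not counts:
        raise ValueError("no protocol version breakdown found")
    # Sessions without version info cannot be attributed to any protocol.
    unknown = counts.pop("no version info", 0)
    known = sum(counts.values())
    return {
        "legacy_sessions": {k: counts.get(k, 0) for k in LEGACY},
        "known_sessions": known,
        "unknown_sessions": unknown,
        "ssl3_share": counts.get("ssl3.0", 0) / known if known else 0.0,
    }


if __name__ == "__main__":
    report = legacy_report(SAMPLE)
    print(report["legacy_sessions"], f"ssl3 share={report['ssl3_share']:.1%}")
```

Sessions listed under "no version info" are kept out of the share calculation, so a large unknown count means the SSL 3.0 share describes only the sessions whose version was recorded.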