cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Unsupported feature (cipher) : Which of the following are supported cipher in DCRUM 12.3

r_muresu
Participant

Hello, can someone tell me which of the following ciphers are supported by dcrum?

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_RC4_128_MD5,
TLS_RSA_WITH_NULL_SHA256,
TLS_RSA_WITH_NULL_SHA,
SSL_CK_DES_192_EDE3_CBC_WITH_MD5,
SSL_CK_RC4_128_WITH_MD5

5 REPLIES 5

ulf_thornander3
Inactive

https://community.dynatrace.com/community/display/DCRUM123/SSL+Software+Support

chris_v
Dynatrace Pro
Dynatrace Pro

Anything with ECE or DHE in the name won't work.

adam_piotrowicz
Dynatrace Pro
Dynatrace Pro

Execute:

rcmd show ssldecr ciphers

command and these lines that have minus at the beginning of the line are not supported.

These with ref > 0 at the end of each line are currently observed in your traffic.

r_muresu
Participant

ok. thanks

raffaele_talari
Inactive


Hi Roberto,


if you want to have a deeper look into SSL Decryption you can enable the SSL LogLevel Error through the following command:

rcmd ssldecr loglevel error

and check the rtm.log (/usr/adlex/log/rtm.log)

cat /usr/adlex/log/rtm.log

or

tail -f /usr/adlex/log/rtm.log

Enabling the SSL LogLevel Error allows you to see the "extended" rtm.log with all the info regarding the SSL Decryption.

Hope it helps.

PS: remember to disable the loglevel error with the following command, after your check:

rcmd ssldecr loglevel disable

Ciao,

Raffaele