
rcmd show ssldecr status ipaddr

Is there a detailed explanation somewhere of how to read the output from the AMD command?

SSL Decryption statistics for server: 111.222.333.444:443
SESSIONS:
Total number of sessions=547058 (inProgress=0 Finished=547058)
SSL protocol version breakdown per number of sessions:
supported versions: ssl3.0=0 tls1.0=516179 tls1.1=0 tls1.2=0
unsupported versions: ssl2.0=0 other versions=0 no version info=30879
Long handshakes=3134 Short handshakes=0 Compressed sessions=0 SessionTkt reused=0 SessionId reused=0
TLS Session Hash Extension detected: 0
Finished sessions decrypted with no errors=3134 (0% of all finished sessions)
Sessions in progress decrypting with no errors=0 (0% of all sessions in progress)
Finished sessions decrypted partially=0 (0% of all finished sessions)
with a packet lost during payload data exchange=0
with a corrupted payload data packet=0
with decryption failed during payload data exchange=0
terminated by alert during payload data exchange=0
Finished sessions not decrypted=543924 (99% of all finished sessions)
with no private key found=0 (new sessions=0 reused sessions=0)
with a packet lost during handshake=3 (new sessions=3 reused sessions=0)
with a corrupted handshake packet or incorrect handshake sequence=4 (new sessions=4 reused sessions=0)
with decryption broken during handshake=0 (new sessions=0 reused sessions=0)
with unsupported SSL version=0 (ssl2.0=0 otherVersions=0)
with unsupported SSL feature=513045 (unsupported cipher=513045 server key exchange=0)
with compression errors=0 (unsupported compression=0, cannot decompress control records=0 data records=0)
with RSA decryption failed=0, RSA invocations blocked=0 (new sessions=0 reused sessions=0)
reused sessions with no matching master session seen before=0
with incomplete SSL handshake=59 (new sessions=59 reused sessions=0)
closed without data=28966
with invalid 'Hello' packet client=0, server=0
terminated by alert during handshake=12
reuse errors when PMS identified with session id=0, with session ticket=0
session not seen from the beginning=1835
with other errors=0
Supplemental Data detected, server=0 client=0

Cipher-suites:
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA ref=384
+ TLS_RSA_WITH_AES_128_CBC_SHA ref=2750
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ref=513045

CERTIFICATES:
total server-certificate pairs=1
parsed properly=1 (matched=1 matching failed=0 not used=0)
parsing errors=0 (decode=0 extract=0 RSAerror=0)

Thanks and God bless,
Genesius

4 REPLIES

jaroslaw_orlows
Dynatrace Pro

Hi! Have a look at: https://community.dynatrace.com/community/display/DCRUMDOC/SSL-related+rcon+commands

didier-externe_
Inactive

Hi Genesius,

Here is a doc about SSL

But there is no detailed definition of each line.

In your case, we can see that 99% of the traffic is not decrypted because of an unsupported SSL feature:

Diffie-Hellman (=> TLS_ECDHE_xx ciphersuite).

@+!

Didier


Thanks Jaroslaw.

I am not using HighSpeed AMD.

Thanks Didier.


"Finished sessions not decrypted=543924 (99% of all finished sessions)" means that my key is not decrypting 99% of the time because it is DH. OK.


How about on output from another server (see bold & italic)? No DH, but I am still only decrypting 1%. Why?


Finished sessions not decrypted=4625567 (99% of all finished sessions)
with no private key found=0 (new sessions=0 reused sessions=0)
with a packet lost during handshake=393 (new sessions=393 reused sessions=0)
with a corrupted handshake packet or incorrect handshake sequence=332 (new sessions=332 reused sessions=0)
with decryption broken during handshake=0 (new sessions=0 reused sessions=0)
with unsupported SSL version=4 (ssl2.0=4 otherVersions=0)
with unsupported SSL feature=0 (unsupported cipher=0 server key exchange=0)
with compression errors=0 (unsupported compression=0, cannot decompress control records=0 data records=0)
with RSA decryption failed=0, RSA invocations blocked=0 (new sessions=0 reused sessions=0)
reused sessions with no matching master session seen before=17
with incomplete SSL handshake=270 (new sessions=270 reused sessions=0)
closed without data=3078176
with invalid 'Hello' packet client=0, server=0
terminated by alert during handshake=1
reuse errors when PMS identified with session id=1, with session ticket=0
session not seen from the beginning=1545981
with other errors=393
Supplemental Data detected, server=0 client=0

Cipher-suites:
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA ref=1
+ TLS_RSA_WITH_AES_256_CBC_SHA ref=601

CERTIFICATES:
total server-certificate pairs=1
parsed properly=1 (matched=1 matching failed=0 not used=0)
parsing errors=0 (decode=0 extract=0 RSAerror=0)

This is why I am looking for a line-by-line description for the output of this command.

Thanks and God bless,

Genesius
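
Added example, not part of the thread and not Dynatrace code: a small Python parser that ranks the sub-counters under "Finished sessions not decrypted" by their share of the total, run on an excerpt of the second output above. It assumes the first counter on each line is that line's headline count; the function name `not_decrypted_breakdown` is hypothetical.

```python
import re

# Excerpt of the second output posted above.
SAMPLE = """\
Finished sessions not decrypted=4625567 (99% of all finished sessions)
with a packet lost during handshake=393 (new sessions=393 reused sessions=0)
with a corrupted handshake packet or incorrect handshake sequence=332 (new sessions=332 reused sessions=0)
with unsupported SSL version=4 (ssl2.0=4 otherVersions=0)
with unsupported SSL feature=0 (unsupported cipher=0 server key exchange=0)
reused sessions with no matching master session seen before=17
with incomplete SSL handshake=270 (new sessions=270 reused sessions=0)
closed without data=3078176
terminated by alert during handshake=1
reuse errors when PMS identified with session id=1, with session ticket=0
session not seen from the beginning=1545981
with other errors=393
Supplemental Data detected, server=0 client=0
"""

HEAD = re.compile(r"^Finished sessions not decrypted=(\d+)")
FIRST_COUNTER = re.compile(r"^(.+?)=(\d+)")

def not_decrypted_breakdown(text):
    """Return (total, [(reason, count, pct_of_total), ...]) sorted by count."""
    total, reasons, in_section = None, [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue  # tolerate blank lines in pasted output
        m = HEAD.match(line)
        if m:
            total, in_section = int(m.group(1)), True
            continue
        if not in_section:
            continue
        if line.startswith(("Supplemental Data", "Cipher-suites")):
            break  # end of the "not decrypted" sub-counters
        m = FIRST_COUNTER.match(line)
        if m and int(m.group(2)) > 0:
            # Assumption: the first counter on a line is its headline count.
            count = int(m.group(2))
            pct = round(100 * count / total, 1) if total else 0.0
            reasons.append((m.group(1), count, pct))
    return total, sorted(reasons, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    total, reasons = not_decrypted_breakdown(SAMPLE)
    for reason, count, pct in reasons:
        print(f"{pct:5.1f}%  {count:>9}  {reason}")
```

On this excerpt, "closed without data" and "session not seen from the beginning" account for about 66.5% and 33.4% of the not-decrypted sessions; the other counters are each well under 0.1%.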

didier-externe_
Inactive

If you find a line-by-line doc, let us know!! I've never seen it! Dynatrace, if you hear us 😉

I'm not sure in this new case... but you can try to activate the check box "Enable monitoring of persistent TCP sessions" in the "options" tab of your software service... Hope it will improve your decryption...