Hi, we would like to list the in-use TLS versions and cipher suites for outgoing connections but can't seem to find this. We also did not find any context variables to add this to logging.
Is there any method to check this so we know our outgoing connections are aligned to the latest security baselines?
There is not a way to log the value for the TLS version and Cipher used outbound of the gateway without turning on SSL debugging. Please log an idea if you feel that you would like to see this in the product.
If you need to conform to specific versions and levels, you should modify the TLS version and Cipher suites through the HTTP Routing assertion -> Connection tab.
Click on the Cipher Suites to limit them down:
Stephen Hughes, Broadcom Support
FYI, idea has been posted: Logging of outgoing tls connections
I'm curious, what do you mean by "turning on SSL debugging"?
You can turn on SSL debugging by following the instructions in this part of the documentation Working with Log Sinks and Debug Logs - CA API Gateway - 9.3 - CA Technologies Documentation -> Debugging SSL/TLS.
The SSL/TLS debugging for all the Java security JCE providers might not be enabled by setting the io.debugSsl cluster-wide property to "true". Instead, define the javax.net.debug property with the appropriate level (for example, ssl, all, and so on) in the system.properties file of the Gateway.
Do not use the level help, as it causes some providers to terminate the JVM.