Layer7 API Management

  • 1.  Logging of outgoing tls connections

    Posted Apr 30, 2018 11:27 AM

    Hi, we would like to list the in-use TLS versions and cipher suites for outgoing connections but can't seem to find this. We also did not find any context variables to add this to logging.

    Is there any method to check this so we know our outgoing connections are aligned to the latest security baselines?



  • 2.  Re: Logging of outgoing tls connections

    Broadcom Employee
    Posted Dec 17, 2018 01:32 PM

    Good morning, 

     

    There is not a way to log the value for the TLS version and Cipher used outbound of the gateway without turning on SSL debugging. Please log an idea if you feel that you would like to see this in the product.

     

    If you need to conform to specific versions and levels, you should modify the TLS version and Cipher suites through the HTTP Routing assertion -> Connection tab

     

    Click on the Cipher Suites to limit them down:

     

     

     

    Sincerely,


    Stephen Hughes
    Broadcom Support



  • 3.  Re: Logging of outgoing tls connections

    Posted Jan 02, 2019 03:52 AM

    FYI, idea has been posted: Logging of outgoing tls connections



  • 4.  Re: Logging of outgoing tls connections

    Posted Jan 04, 2019 11:23 AM

    I'm curious, what do you mean by "turning on SSL debugging"?

     



  • 5.  Re: Logging of outgoing tls connections

    Broadcom Employee
    Posted Jan 04, 2019 12:24 PM

    Good morning,

     

    You can turn on SSL debugging by following the instructions in this part of the documentation: Working with Log Sinks and Debug Logs - CA API Gateway - 9.3 - CA Technologies Documentation -> Debugging SSL/TLS.

     

    Excerpt: 

    The SSL/TLS debugging for all the Java security JCE providers might not be enabled by setting the io.debugSsl cluster-wide property to "true". Instead, define javax.net.debug property with the appropriate level (example, ssl, all, and so on) in the system.properties file of Gateway.

    Do not use the level help, as it causes some providers to terminate the JVM.

     

    Sincerely,

     

    Stephen Hughes

    Broadcom Support
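
Once javax.net.debug output is being captured, the negotiated protocol and cipher suite of each outbound handshake can be pulled from the ServerHello records and compared with a baseline. The following is an added example, not part of the thread or of the Gateway product; it assumes the Java 8 SunJSSE debug text layout (other JCE providers and newer JDKs format their output differently), and the baseline values, function names and sample lines are constructed for illustration.

```python
import re

# Baseline is an assumption for this example; substitute your own policy.
ALLOWED_VERSIONS = {"TLSv1.2", "TLSv1.3"}
WEAK_MARKERS = ("_RC4_", "_3DES_", "_DES_", "_NULL_", "_EXPORT_", "_MD5", "_anon_")

# Java 8 SunJSSE prints "*** ServerHello, <version>" followed by a
# singular "Cipher Suite: <name>" line (ClientHello uses "Cipher Suites: [...]").
SERVER_HELLO = re.compile(r"\*\*\* ServerHello, (\S+)")
CIPHER_SUITE = re.compile(r"\bCipher Suite: (\S+)")

def negotiated_sessions(lines):
    """Yield (version, cipher_suite) for each ServerHello in the debug output."""
    version = None
    for line in lines:
        m = SERVER_HELLO.search(line)
        if m:
            version = m.group(1)
            continue
        m = CIPHER_SUITE.search(line)
        if m and version is not None:
            yield version, m.group(1)
            version = None  # wait for the next handshake

def audit(lines):
    """Return (version, suite, problems) per handshake; empty problems means compliant."""
    findings = []
    for version, suite in negotiated_sessions(lines):
        problems = []
        if version not in ALLOWED_VERSIONS:
            problems.append("protocol below baseline")
        if any(mark in suite for mark in WEAK_MARKERS):
            problems.append("weak cipher suite")
        findings.append((version, suite, problems))
    return findings

# Constructed sample in the Java 8 layout: one compliant and one legacy handshake.
SAMPLE = """\
*** ClientHello, TLSv1.2
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA]
*** ServerHello, TLSv1.2
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Compression Method: 0
*** ClientHello, TLSv1.2
*** ServerHello, TLSv1
Cipher Suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
""".splitlines()

if __name__ == "__main__":
    for version, suite, problems in audit(SAMPLE):
        print(version, suite, "; ".join(problems) or "ok")
```
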