RUM - Add capability to monitor applications based on TLS 1.3

Since more and more business apps are using TLS 1.3 (Transport Layer Security), RUM should be able to monitor such apps well.

Micro Focus Expert
Status changed to: Accepted

Thanks for submitting this idea. For RUM, to support applications that use TLS 1.3 somewhere in the chain of servers that receive user requests, we suggest deployment architectures that allow for RUM Sniffer's Man-in-the-middle monitoring (for example, set up a monitoring segment without TLS 1.3 in the chain of servers), or use RUM CM Probe, or use TCP level monitoring.

We plan to provide documentation with best practices to monitor applications that use TLS 1.2 with DH ciphers or TLS 1.3.

The technical reason RUM Sniffer would not decrypt TLS 1.3 traffic is that the protocol mandates DH ciphers. DH inherently blocks the Man-in-the-middle approach to monitoring employed by RUM Sniffer.
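An added Python example (not from this thread and not RUM code): it parses a captured ServerHello and reports whether a passive sniffer holding the server's RSA private key could derive the session keys, which is the distinction drawn above between static RSA key exchange and TLS 1.2 with DH ciphers or TLS 1.3. The cipher-suite sets are a small subset of IANA code points, and `build_sample` produces constructed records (zeroed random, empty session ID) for the demonstration.

```python
import struct

# Small subset of IANA cipher-suite code points, grouped by key exchange.
STATIC_RSA = {0x002F, 0x0035, 0x003C, 0x003D, 0x009C, 0x009D}
EPHEMERAL_DH = {0x009E, 0x009F, 0xC02B, 0xC02C, 0xC02F, 0xC030}
TLS13_SUITES = {0x1301, 0x1302, 0x1303, 0x1304, 0x1305}

def build_sample(suite, tls13=False):
    """Constructed ServerHello record used only as demo input."""
    ext = struct.pack("!HHH", 0x002B, 2, 0x0304) if tls13 else b""
    hello = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
             + struct.pack("!H", len(ext)) + ext)
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0303, len(hs)) + hs

def parse_server_hello(record):
    """Return (negotiated_version, cipher_suite) from one TLS record."""
    ctype, _, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22 or len(record) < 5 + rec_len:
        raise ValueError("not a complete handshake record")
    body = record[5:5 + rec_len]
    if body[0] != 2:
        raise ValueError("not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    version = int.from_bytes(hello[0:2], "big")
    pos = 2 + 32                       # skip legacy_version and random
    pos += 1 + hello[pos]              # skip session id
    suite = int.from_bytes(hello[pos:pos + 2], "big")
    pos += 3                           # cipher suite (2) + compression (1)
    if pos + 2 <= len(hello):          # extensions are optional before TLS 1.3
        ext_end = min(len(hello), pos + 2 + int.from_bytes(hello[pos:pos + 2], "big"))
        pos += 2
        while pos + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            if etype == 0x002B and elen == 2:   # supported_versions carries the real version
                version = int.from_bytes(hello[pos + 4:pos + 6], "big")
            pos += 4 + elen
    return version, suite

def passive_decryptable(version, suite):
    """True only if session keys follow from the server's static RSA key; None if unclassified."""
    if version >= 0x0304 or suite in TLS13_SUITES or suite in EPHEMERAL_DH:
        return False
    return True if suite in STATIC_RSA else None

if __name__ == "__main__":
    for rec in (build_sample(0x009C), build_sample(0xC02F), build_sample(0x1301, True)):
        v, s = parse_server_hello(rec)
        print(f"version=0x{v:04x} suite=0x{s:04x} passive_decryptable={passive_decryptable(v, s)}")
```

Running this against the ServerHello of each monitored application shows which ones a sniffer with the private key can still decrypt and which need one of the alternative architectures suggested above.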

Anthony Raphael Regular Contributor.

One way to overcome this issue is to use a load balancer that takes over the security certificate management, leaving the back end to do its work, then just tap the connection between the load balancer and the web frontend. Problem solved.

Micro Focus Expert
Hi Anthony,
Thanks for your hint.
Unfortunately my customer does not have a Load Balancer in between (so far).
Regards,

Patrik