RUM - Add capability to monitor applications based on TLS 1.3

Idea ID 2686370

Since more and more business apps are using TLS 1.3 (Transport Layer Security), RUM should be able to monitor such apps well.

4 Comments
Micro Focus Expert
Status changed to: Accepted

Thanks for submitting this idea. For RUM to support applications that use TLS 1.3 somewhere in the chain of servers that receive user requests, we suggest deployment architectures that allow for RUM Sniffer's man-in-the-middle monitoring (for example, set up a monitoring segment without TLS 1.3 in the chain of servers), or use RUM CM Probe, or use TCP-level monitoring.

We plan to provide documentation with best practices to monitor applications that use TLS 1.2 with DH ciphers or TLS 1.3.

The technical reason RUM Sniffer would not decrypt TLS 1.3 traffic is that the protocol mandates DH ciphers. DH inherently blocks the man-in-the-middle approach to monitoring employed by RUM Sniffer.
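
The point made in the reply above, as an added example that is not part of the thread or of any RUM product code: a Python check that reads the ServerHello of a captured handshake and reports whether a passive sniffer holding only the server's private key could decrypt the session. The function names, the cipher-suite subset and the sample records are constructed for illustration.

```python
import struct

# Cipher-suite IDs from the IANA TLS registry (small subset for illustration).
RSA_KX = {0x002F, 0x0035, 0x003C, 0x003D, 0x009C, 0x009D}        # TLS_RSA_WITH_*
EPHEMERAL_DH = {0x009E, 0x009F, 0xC02B, 0xC02C, 0xC02F, 0xC030}  # DHE_* / ECDHE_*
TLS13_SUITES = {0x1301, 0x1302, 0x1303}                          # TLS 1.3 AEAD suites

def parse_server_hello(record: bytes):
    """Return (negotiated_version, cipher_suite) from a TLS record holding a ServerHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a ServerHello handshake record")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    if len(body) < 38 or len(body) < 38 + body[34]:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", body[:2])[0]      # legacy_version (0x0303 even in TLS 1.3)
    pos = 35 + body[34]                             # skip version, random, session_id
    suite = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 3                                        # cipher suite + compression method
    if pos + 2 <= len(body):                        # extensions are optional before TLS 1.3
        end = min(len(body), pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0])
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            if ext_type == 0x002B and ext_len == 2 and pos + 6 <= end:  # supported_versions
                version = struct.unpack("!H", body[pos + 4:pos + 6])[0]
            pos += 4 + ext_len
    return version, suite

def key_exchange_class(record: bytes) -> str:
    """Classify a session by whether the server's private key alone can decrypt it."""
    version, suite = parse_server_hello(record)
    if version >= 0x0304 or suite in TLS13_SUITES:
        return "tls13"               # server key never protects the session secret
    if suite in EPHEMERAL_DH:
        return "ephemeral-dh"        # TLS 1.2 with DHE/ECDHE: no passive decryption
    if suite in RSA_KX:
        return "rsa-kx"              # static RSA: decryptable with the server key
    return "unknown"

def build_server_hello(suite: int, extensions: bytes = b"") -> bytes:
    """Build a constructed ServerHello record (zeroed random, empty session_id)."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    body += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs
```

Only sessions classified `rsa-kx` can be decrypted by a passive tap that holds the server's private key; the other classes need a TLS-terminating segment or an endpoint-side probe.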


Regular Contributor.

One way to overcome this issue is to use a load balancer that takes over the security certificate management, leaving the back end to do its work, then just tap the connection between the load balancer and the web frontend. Problem solved.

Micro Focus Expert
Hi Anthony,
Thanks for your hint.
Unfortunately my customer does not have a Load Balancer in between (so far).
Regards,

Patrik
Member

Hello MF,

May I know why BSM/APM version 9.51 still does not support TLS 1.3 for HTTPS transactions?

As I see it, MF upgrades the version of every product every quarter; however, compatibilities are not checked by the development team.

Until the time you update to TLS 1.3 in the next version, kindly suggest some alternative for HTTPS data without a cipher key.

Regards,

Sanjay
