Vice Admiral Vice Admiral
Vice Admiral
304 views

HTTPS data from RUM to BSM

Hi,

Hope you are doing well. I have some questions in my mind looking for answers.

I was monitoring HTTP traffic in RUM and BSM (APM). RUM was sending data to BSM and everything was working fine. Now i want to monitor HTTPS traffic in RUM and BSM (APM). what would be the work flow for configurig HTTPS scenario? Kindly suggest steps. Step by step work flow would be a great help. I have the guide but guides are making me confuse. looking for help.

APM 9.5 is on Linux (redhat)

RUM 9.5 is on Windows

Best Regards

Labels (1)
0 Likes
6 Replies
Micro Focus Expert
Micro Focus Expert

read "SSL Decryption of Monitored Traffic" in "RUM Deployment Guide" > chapter 5 for all the info you need to know.

0 Likes
Vice Admiral Vice Admiral
Vice Admiral

Hi asaf,

Thank you so much for your response.

Actully I have the guides but guides are making me confuse. They are making things complex for me. I want a flow work / steps. kindly help.

Best Regards

0 Likes
Micro Focus Expert
Micro Focus Expert

I understand, but that's why we have guides.

You can consult with Partner or Professional Services if you want something more detailed.


0 Likes
Vice Admiral Vice Admiral
Vice Admiral

Hi,

Hope you are doing well.

kindly someone suggest me how to disable cipher for an application.

Regards

0 Likes
Micro Focus Expert
Micro Focus Expert

Hi Mike,

This really depends on the application being monitored and what technology it uses.  Most applications will have the option to change the default supported ciphers.  It's best to check the documention and support site for that application.  If it's SM, then I'm sure there will be a good forum available for that too.

If your app uses Apache web server, then you can change the ciphers in a config file, often ssl.conf or httpd-ssl.conf (depnding on the version or platform etc.).  Search the file for 'SSLCipherSuite' and you can use this parameter to allow or deny certain cipher types, or specify explicit ciphers.  It's best to search the on-line apache doc for more information, but here's an example where apache is configured to support just 2 non-Diffie Hellman ciphers:

SSLCipherSuite AES256-GCM-SHA384:AES128-GCM-SHA256

If the app uses tomcat, then there is usually a server.xml file where the https adapter is configured (this section will have keystore configuration as well, and will reference the secure port).  You can add or update a 'ciphers' value within that section, for example:

ciphers="TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256"

Please check the vendor documentation for your app, as that should tell you what ciphers are supported.  Also check with your security department if relevant.

This external link from openssl has a list of long and short cipher names for all the main opensssl ciphers, and can be very useful.  Some apps use the long name and others use the short name:

https://www.openssl.org/docs/man1.0.2/man1/ciphers.html

In the examples above, apache uses the short names for ciphers, and tomcat uses long names.

Regards,

Tim

Vice Admiral Vice Admiral
Vice Admiral

Hi Tim,

Thank you so much for detailed response, really appreciate that. I hope these suggestions will help me to solve my problem.

Regards

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.