RUM traffic no handshake 100 %
Hope you are doing fine.
After disabling the diffie hellman we are getting 100 % no handshake in SSL Application Decryption Statistics field. Kindly suggest what is the reason of no handshake and how we can decrypt our traffic successfully? Waiting for your kind response.
No handshake can be caused by dropped packets or only half of the conversation being seen (e.g. the traffic being sent to the Probe's interface only contains server to client packets, or only client to server packets). If your Probe is on Linux, you can run tcpdump to check that you can see comms to and from the client and server. If it's on Windows, you can take a sample with PCAP and check it in Wire Shark.
You can also use Wire Shark to check if it can see handshakes in traffic being copied to the Probe. If you can see successful handshakes in Wire Shark (and you'll also be able to see the ciphers being used), then the RUM Probe should be OK. But if you can't see successful handshakes in Wire Shark, then it's usually a problem with the network traffic being presented to the Probe.
Also, check the other RUM Probe stats in the RUM Engine Web Console for packet loss etc. and check that network volumes are within supported capacity. Even a small percentage of dropped packets can cause no handshakes to be seen, as one dropped packet in the end to end process for a handshake is enough to stop RUM being able to validate it.
I don't have a system with Wireshark on that I can access at the moment to get an example. I think you'll need an IP or port filter for source and destination. Check the help menu, or a quick internet search for wireshark filters and that should give you some good pointers.