Vice Admiral

RUM traffic no handshake 100 %

Hi,

Hope you are doing fine.

After disabling Diffie-Hellman, we are getting 100% no handshake in the SSL Application Decryption Statistics field. Kindly suggest what the reason for the no handshake is and how we can decrypt our traffic successfully. Waiting for your kind response.

Regards

3 Replies
Micro Focus Expert

Hi Mike,

No handshake can be caused by dropped packets or only half of the conversation being seen (e.g. the traffic being sent to the Probe's interface only contains server-to-client packets, or only client-to-server packets). If your Probe is on Linux, you can run tcpdump to check that you can see comms to and from the client and server. If it's on Windows, you can take a sample with PCAP and check it in Wireshark.

You can also use Wireshark to check if it can see handshakes in traffic being copied to the Probe. If you can see successful handshakes in Wireshark (and you'll also be able to see the ciphers being used), then the RUM Probe should be OK. But if you can't see successful handshakes in Wireshark, then it's usually a problem with the network traffic being presented to the Probe.

Also, check the other RUM Probe stats in the RUM Engine Web Console for packet loss etc. and check that network volumes are within supported capacity. Even a small percentage of dropped packets can cause no handshakes to be seen, as one dropped packet in the end-to-end process for a handshake is enough to stop RUM being able to validate it.

Regards,
Tim

0 Likes
Vice Admiral

Hi Tim,

Thank you so much for your reply.

Would you please tell me how I can see handshakes in traffic using Wireshark? Which filter should I use?

Regards

0 Likes
Micro Focus Expert

Hi Mike,

I don't have a system with Wireshark on that I can access at the moment to get an example. I think you'll need an IP or port filter for source and destination. Check the help menu, or a quick internet search for Wireshark filters and that should give you some good pointers.

Regards,

Tim

0 Likes
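
The check discussed in this thread (are both halves of the handshake present in the copied traffic, and which cipher was negotiated), as an added example that is not part of any post above and is not RUM or Wireshark code. It assumes each direction's TCP payload has already been reassembled into a byte string; the function names and the sample bytes are constructed for illustration. The key-exchange label matters because passive decryption with the server's private key only works for RSA key exchange, not DHE/ECDHE.

```python
import struct

# Subset of IANA TLS cipher suite IDs -> (name, key exchange); extend as needed.
SUITES = {
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
}

def handshake_messages(stream):
    """Return [(type, body)] for cleartext handshake messages in one direction."""
    pos, buf, out = 0, b"", []
    while pos + 5 <= len(stream):
        ctype, _ver, length = struct.unpack("!BHH", stream[pos:pos + 5])
        payload = stream[pos + 5:pos + 5 + length]
        if len(payload) < length or ctype == 20:
            break  # truncated record (lost packet) or ChangeCipherSpec reached
        if ctype == 22:  # handshake record
            buf += payload
        pos += 5 + length
    while len(buf) >= 4:
        mlen = int.from_bytes(buf[1:4], "big")
        if len(buf) < 4 + mlen:
            break  # message cut short, nothing more can be validated
        out.append((buf[0], buf[4:4 + mlen]))
        buf = buf[4 + mlen:]
    return out

def check_flow(c2s, s2c):
    """Report whether both hellos were captured and which key exchange was chosen."""
    hellos = [b for t, b in handshake_messages(s2c) if t == 2]  # 2 = ServerHello
    res = {"client_hello": any(t == 1 for t, _ in handshake_messages(c2s)),
           "server_hello": bool(hellos), "suite": None, "kx": None}
    if hellos and len(hellos[0]) >= 35:
        off = 35 + hellos[0][34]  # skip version(2) + random(32) + session id
        sid = int.from_bytes(hellos[0][off:off + 2], "big")
        res["suite"], res["kx"] = SUITES.get(sid, (hex(sid), "unknown"))
    res["complete"] = res["client_hello"] and res["server_hello"]
    return res

# --- constructed sample data (not a real capture) ---
def _rec(hs_type, body):
    msg = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, 0x0303, len(msg)) + msg

def _server_hello(suite):
    return _rec(2, b"\x03\x03" + bytes(32) + b"\x00" + suite.to_bytes(2, "big") + b"\x00")

SAMPLE_C2S = _rec(1, b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x00\x2f\x01\x00")
SAMPLE_S2C = _server_hello(0x002F) + _rec(14, b"")
```

A result with `complete` false for a flow means one direction is missing or a record was lost; `kx` other than `RSA` means the handshake was seen but used an ephemeral key exchange.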