SSL/TLS Insights
Click Insights > SSL/TLS: SSL/TLS Handshakes or SSL/TLS Certificates to display a corresponding Insight reporting the SSL/TLS activity observed by AppResponse 11. These are useful for investigating issues such as questions about the certificates being seen in network traffic, and for investigating failed or slow handshakes.
Refer to
SSL Decryption for instructions on enabling SSL/TLS for AppResponse 11.
For each SSL/TLS Insight, there is first an Input page, enabling you to constrain the set of handshakes or certificates that you want to view. If you click Launch without specifying any details, the resulting Insight will show the complete, unconstrained set of handshake/certificate activity. Note that for fields marked with a Search icon (magnifying glass), clicking on the icon can display a pulldown menu of known possible entries for that field.
Each Insight provides a summary of high level statistics for the activity, plus a set of tabs that enable you to view the displayed activity in terms of a particular characteristic such as Client IPs, SSL/TLS Version, Certificate Status, and Cipher Suite, among many others. In the SSL/TLS Handshakes Insight, right-clicking on a handshake enables you to download packets for it.
Be conscious of the following behaviors:
◼ Certificate info is not extracted for TLS 1.3.
◼ TLS renegotiations are only if the session is decrypted.
◼ Certificate serial numbers are displayed in hexadecimal signed format (per OpenSSL convention):
◼ Positive numbers (normal case) = 0xABABABABABABABABABABABAB
◼ Negative numbers = -0xABABABABABABABABABABABAB
When converting from decimal to hexadecimal, be sure to use the signed version:
◼ Convert decimal unsigned to decimal .
◼ Convert signed decimal to hexadecimal.