How to view SSL Stats (Monitor & Analyze) in Silverline Portal

Description

• How to view the SSL stats in Silverline Portal
• Explanations of graphs on SSL Stats page
• How to filter graphs on SSL Stats page

What is SSL Stats page?

• Silverline Portal page that provides information relating to SSL, when a proxy is configured to terminate SSL sessions
• Primarily used to determine
  • (a) whether the cipher suites in use are appropriate for the application
  • and (b) the impact that the use of a new cipher would have

Environment

• Silverline Portal
  • SSL Stats
• SSL Certificates
• SSL Profiles

Procedure

1. Navigate to Monitor & Analyze > Stats > SSL Stats
2. View the following graphs for all proxies (default view):
   • Handshakes - number of SSL handshakes observed over time period
     • number of handshakes which both succeeded and failed
     • Failed handshakes are indicative of customer browsers being incompatible with the cipher suite chosen
   • SSL Traffic - relative inbound and outbound traffic volume for encrypted and unencypted traffic
     • Shown in Megabytes (MB)
     • Encrypted traffic (both inbound and outbound) vs invalid (un-decryptable) traffic due to error
   • Key Exchange - type of key exchange being used between client and server.  
     • Servers will offer a variety of key exchange methods in an effort to maintain broad compatibility while retaining a high level of security.
     • Graph differentiates between IPv4 and IPv6 exchanges.  
     • Two main key exchange methods: Diffie-Hellman and RSA.  RSA algorithms are the most broadly supported in browsers, although increasing browser adoption for later versions is making Diffie-Hellman more common.
   • Ciphers - algorithm that will be used to encrypt the data itself between client and server.  
     
     • Q&A: What are the SSL ciphers that are supported in Silverline?
   • Protocols - shows the usage of TLS 0.9, 1.0, 1.1 and 1.2.  
     • TLS 1.0 was introduced in 1999 and should be waning in usage for almost all internet users.  
     • TLS 1.1 was introduced in 2006 while TLS 1.2 was introduced in 2008, and between them they make up the bulk of internet browser traffic for SSL today.  
     • TLS 1.2 added support for advanced encryption algorithms, such as AES-GCM.
   • Message Digest - shows the usage of algorithms such as SHA
3. Filter the timeframe for stats by using the Date Selector in the upper-right.
4. Filter to one or more proxies using the Filter button in the upper-left
   1. Field: Proxy
   2. Operator: choose Is or Is not
   3. Blank text field:
      • a) Click in blank field to view available Proxies
      • b) Choose from drop-down or start typing to narrow drop-down choices
      • c) Continue to click and select proxies from drop-down until all desired Proxies are listed in this field
   4. Click Add to refresh graphs to only selected Proxies.
   5. Click Clear All to refresh graphs to showing all Proxies again

Related Content

• SSL Workflow: How to Upload SSL Certificates, Create SSL Profiles, and Add SSL Profiles to Proxy
• How to Manage Existing SSL Certificates and SSL Profiles
• Q&A: What would cause an increment to the SSL Handshake Failure in the SSL Stats?
• Issue/Solution: Proxy Connectivity Issues / Backend Application Slowness