183
edits
TLS module: Difference between revisions
m
link to common table columns page
m (Link for IP column details) |
m (link to common table columns page) |
||
| Line 18: | Line 18: | ||
The web page of the SSL module uses three tabs for showing all available information. At the top of the page, you will find a button which links to this documentation and a thrashcan button to clear all the statistics. | The web page of the SSL module uses three tabs for showing all available information. At the top of the page, you will find a button which links to this documentation and a thrashcan button to clear all the statistics. | ||
'''SSL servers''' | '''SSL servers''' | ||
| Line 26: | Line 24: | ||
The table of IP addresses contains a search bar where you can enter an IP address or string which is matched against all name fields. This makes it possible to search for a specific IP or to find all IP addresses involved for a given certificate name. | The table of IP addresses contains a search bar where you can enter an IP address or string which is matched against all name fields. This makes it possible to search for a specific IP or to find all IP addresses involved for a given certificate name. | ||
The columns are as follows: | The columns are as follows: | ||
* IP address: This is the IP address for which SSL information has been seen. Clicking on | * IP address (see [[Common table columns#IP|Common table columns - IP]]): This is the IP address for which SSL information has been seen. Clicking on ''SSL server statistics'' will lead to the IP module page of the same IP address. | ||
* Country: The country code for the corresponding IP. | * Country: The country code for the corresponding IP. | ||
* Alternative names: All known names for that IP address are shown in the column. This includes the DNS name and DHCP name, if available. | * Alternative names: All known names for that IP address are shown in the column. This includes the DNS name and DHCP name, if available. | ||
| Line 32: | Line 30: | ||
* Common name: Similar to the server name, the common names of all seen certificates are listed here, which have been returned by the server. | * Common name: Similar to the server name, the common names of all seen certificates are listed here, which have been returned by the server. | ||
* Capture: The capture button allows to directly capture traffic for the corresponding IP address. | * Capture: The capture button allows to directly capture traffic for the corresponding IP address. | ||
'''Most accessed SSL servers''' | '''Most accessed SSL servers''' | ||
The second tabs shows the top list of all accessed SSL servers, showing the most accessed server first. The list contains the number of | The second tabs shows the top list of all accessed SSL servers, showing the most accessed server first. The list contains the number of requests, the IP (with a link to main server list filtered for that IP; see [[Common table columns#IP|Common table columns - IP]]), the country of that IP, and alternative names known for this IP. | ||
'''SSL response times''' | '''SSL response times''' | ||
The third tab | The third tab shows global statistics of all SSL requests and a list of all SSL servers for which response times could be calculated. | ||
The global statistics contains for the SSL handshake and first SSL data transmission: | The global statistics contains for the SSL handshake and first SSL data transmission: | ||
| Line 60: | Line 54: | ||
Below the graphs there is the list of all HTTP servers with the following columns: | Below the graphs there is the list of all HTTP servers with the following columns: | ||
* IP: The server IP. Clicking on | * IP (see [[Common table columns#IP|Common table columns - IP]]): The server IP and name. Clicking on ''SSL server statistics'' leads to the connection view of the IP module which allows to see the actual connections with the response times. | ||
* Country: The country code for the IP address. | * Country: The country code for the IP address. | ||
* Type: This column indicates both rows of data shown in the following columns. The first line is the SSL handshake time, and the second column is the SSL data resonse time. | * Type: This column indicates both rows of data shown in the following columns. The first line is the SSL handshake time, and the second column is the SSL data resonse time. | ||
| Line 70: | Line 64: | ||
* Score: The score is a value between 1 and 5 describing the quality of the HTTP server. 1 means the worst quality, 5 means the best quality. The value is calculated based on a scoring algorithm. The score allows to quickly sort for quality and identify bad performing servers. For sorting, the smaller of both response times is used. | * Score: The score is a value between 1 and 5 describing the quality of the HTTP server. 1 means the worst quality, 5 means the best quality. The value is calculated based on a scoring algorithm. The score allows to quickly sort for quality and identify bad performing servers. For sorting, the smaller of both response times is used. | ||
* Alternative names: The column contains other names for this IP address, from whatever name source that is available (DNS, DHCP, ...). | * Alternative names: The column contains other names for this IP address, from whatever name source that is available (DNS, DHCP, ...). | ||
'''Used TLS versions''' | '''Used TLS versions''' | ||
The version tab shows all SSL/TLS versions that were negotiated in a SSL server hello. For each TLS version the traffic is shown. By clicking a version a detail page is shown with a table of all IPs that used this TLS version and related traffic counters. Further clicking on an IP address will show IP connection detail page with all connections of that TLS version. | The version tab shows all SSL/TLS versions that were negotiated in a SSL server hello. For each TLS version the traffic is shown. By clicking a version a detail page is shown with a table of all IPs that used this TLS version and related traffic counters. Further clicking on an IP address will show IP connection detail page with all connections of that TLS version. | ||
'''Negotiated SSL/TLS cipher suites''' | '''Negotiated SSL/TLS cipher suites''' | ||
| Line 80: | Line 76: | ||
By click on a cipher suite a detail page is shown with a table of [[Common table columns#IP|all IPs]] that used this cipher suite in a SSL connection either as server or client. A graph shows the server hellos having that IP as either source or destination over time. | By click on a cipher suite a detail page is shown with a table of [[Common table columns#IP|all IPs]] that used this cipher suite in a SSL connection either as server or client. A graph shows the server hellos having that IP as either source or destination over time. | ||
When clicking on an IP address the connection tab of that particular IP address is shown with a preset filter of SSL connections with that cipher suite to allow further investigation. | When clicking on an IP address the connection tab of that particular IP address is shown with a preset filter of SSL connections with that cipher suite to allow further investigation. | ||
'''SSL certificates''' | '''SSL certificates''' | ||