SSL-related rcon commands

You can use the following SSL-related rcon commands on your NAM Probe to check on the operation of the decryption mechanism. See RTM console (rcon) for general help on rcon.

SSLDECR CIPHERS

Displays cipher suites detected during decryption (with an option to list all available ciphers).

  • ssldecr ciphers — show cipher suites detected during decryption
  • ssldecr ciphers all — show cipher suites detected during decryption and additionally list all available ciphers.

SSLDECR KEYS

Displays keys read by decryptor (with an option to force a reload of all private keys).

  • ssldecr keys — show SSL keys
  • ssldecr keys reload — force a reload of all private keys, then show SSL keys

SSLDECR STATUS

Displays the status for the decryption engine and lists the statistics of the observed sessions. Internal decryptor diagnostics are also provided. You can use the command with the following options:

  • ssldecr status — show the summary status for all servers.
  • ssldecr status all — show the detailed status for each server individually.
  • ssldecr status 10.10.10.11 — show the detailed status for server 10.10.10.11.
  • ssldecr status 10.10.10.11 443 — show the detailed status for server 10.10.10.11, port 443.

All information and statistics returned by this command relate to the period of time since the last restart of the device.

  • The CONFIGURATION section of the output gives status information for the decryption engine. Note the SSL engine mode (native, auto, or thread) included in parentheses and statistics of how many private keys have been matched or failed to match.
  • The SESSIONS section of the output gives session statistics.
    • There are no statistics for “partially decrypted session in progress” (sessions with some errors but for which decryption is still continuing). As soon as an error occurs, the decryption process is terminated and the session is counted as “finished”, even though the actual transfer of data may still continue and its byte and packet statistics are still counted.
    • The term “reused sessions” indicates sessions for which the server agrees to continue using an already established session key from earlier on. This is referred to as a short handshake, as compared to a long handshake when the entire process of establishing an SSL connection is started again.

SSLDECR CERTS

Displays discovered SSL certificates.

  • ssldecr certs — show all discovered SSL certificates.
  • ssldecr certs 10.10.10.11 — show all discovered SSL certificates for IP address 10.10.10.11.
  • ssldecr certs 10.10.10.11 443 — show all discovered SSL certificates for IP address 10.10.10.11, port 443.