6.10. SSL/TLS Metering
New in R 3.0
Three new counter groups give you visibility into the SSL/TLS-encrypted traffic on your network.
- TLS Orgs – Traffic by server, taken from the Subject field of the certificate
- TLS Ciphers – Traffic by encryption and key exchange algorithm
- TLS CAs – Traffic by certificate authority
Trisul detects usage of SSL/TLS using port-independent heuristics.
Trisul handles SSL/TLS session resume.
6.10.1 TLS Orgs
Meters traffic by the entity named in the Subject Common Name of the X.509 certificate. This counter group tells you how much of your SSL traffic is Google, Twitter, Dropbox, etc. This is visibility you cannot have otherwise.
Select Retro → Retro Counters → Choose TLS Orgs from the dropdown list
You can also generate long-term usage reports with several charts, like the pie chart shown below, using Retro Tools.
Select Retro → Retro Tools → Select Counter Group Toppers → Select TLS Orgs
6.10.2 TLS Ciphers
Meters traffic by the “cipher suite” used by SSL/TLS connections. The cipher suite is a combination of the encryption and the key-exchange algorithm used.
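As an added illustration (not Trisul's code or its actual heuristics), the sketch below shows one way a meter can recognise TLS without looking at the port and then key traffic on the negotiated cipher suite: it validates the TLS record header on the first server payload, parses the ServerHello, and sums bytes per suite. The function names, the flow tuple layout and the sample flows are assumptions constructed for this example.

```python
import struct
from collections import Counter

# Small subset of the IANA TLS cipher suite registry, enough for the sample.
CIPHER_NAMES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x1301: "TLS_AES_128_GCM_SHA256",
}

def server_hello_cipher(payload: bytes):
    """Return the selected suite id if payload begins with a ServerHello, else None."""
    if len(payload) < 9:
        return None
    ctype, major, minor, rec_len = struct.unpack("!BBBH", payload[:5])
    # Record header: handshake (22), version 3.x, plaintext length <= 2^14.
    if ctype != 22 or major != 3 or minor > 4 or not 4 <= rec_len <= 16384:
        return None
    hs_len = int.from_bytes(payload[6:9], "big")
    if payload[5] != 2 or hs_len + 4 > rec_len:   # handshake type 2 = ServerHello
        return None
    body = payload[9:9 + hs_len]
    # Body: version(2) random(32) session_id_len(1) session_id cipher(2) ...
    if len(body) < 35 or body[34] > 32 or len(body) < 37 + body[34]:
        return None
    off = 35 + body[34]
    return int.from_bytes(body[off:off + 2], "big")

def meter_by_cipher(flows):
    """flows: iterable of (server_port, first_server_payload, flow_bytes)."""
    totals = Counter()
    for _port, payload, nbytes in flows:          # the port is deliberately ignored
        suite = server_hello_cipher(payload)
        if suite is not None:
            totals[CIPHER_NAMES.get(suite, f"0x{suite:04X}")] += nbytes
    return totals

def build_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Construct a minimal ServerHello record for the sample data below."""
    body = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
            + struct.pack("!H", suite) + b"\x00")
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

# Constructed flows: TLS on a non-standard port, and plain HTTP on port 443.
SAMPLE_FLOWS = [
    (8443, build_server_hello(0xC02F, bytes(32)), 120_000),
    (443, b"HTTP/1.1 400 Bad Request\r\n\r\n", 900),
    (443, build_server_hello(0x1301), 50_000),
]
```

A ServerHello is also sent when a session is resumed, so the cipher suite can still be read on flows where no certificate is exchanged.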
6.10.4 Usage tips
- SSL Cert resources allow you to search for hashes in bulk
- SSL Cert FTS allows you to search for arbitrary strings in certificates