We would like to know what protocols (TLS 1.0, 1.1, or 1.2) are used by the clients while making API requests to Edge. Want to get data around how many clients are using TLS 1.0, 1.1 or 1.2. Is it possible to get this information through Analytics?
Amar, I think that information is not propagated from the router to the MP, when TLS is used.
This page describes the TLS variables. But I believe the doc is out of date. (@Floyd Jones FYI) When Apigee moved from the netty router to nginx, the nginx config did not reproduce the netty behavior in this respect. Variables for TLS info related to the client cert were no longer propagated. There is a bug: b/67884063.
I think the analogous thing is also true when the connection uses 1-way TLS: there is nothing about the protocol or cipher propagated to the MP.
If your security requirements allow for it, there is a possible workaround.
You can terminate TLS at a load balancer in front of the Apigee Router (instead of at the Apigee Routers); the load balancer can be configured to capture these TLS attributes and propagate them as HTTP headers.
Whether you can/should use this workaround depends on your InfoSec requirements, placement zone of Apigee Routers, etc.
Thanks for your suggestions.
After some investigation, I figured out the following information. We have two options:
Option #1: Logs on Elastic Load Balancer
Option #2: Nginx Access Logs on Apigee Router
jsonPayload.ssl_protocol | TLSv1.2 |
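One way to turn Option #2 into per-protocol counts (an added example, not part of the original thread): it assumes the router access logs are exported as one JSON object per line carrying the `jsonPayload.ssl_protocol` field shown above. The `remote_addr` client field, the function names and the sample records are constructed assumptions.

```python
import json
from collections import Counter, defaultdict

# Constructed sample records (not real logs). Only jsonPayload.ssl_protocol comes
# from the thread; remote_addr is an assumed client-identifier field.
SAMPLE_LOG = """\
{"jsonPayload": {"remote_addr": "198.51.100.10", "ssl_protocol": "TLSv1.2"}}
{"jsonPayload": {"remote_addr": "198.51.100.10", "ssl_protocol": "TLSv1.2"}}
{"jsonPayload": {"remote_addr": "198.51.100.22", "ssl_protocol": "TLSv1"}}
{"jsonPayload": {"remote_addr": "198.51.100.23", "ssl_protocol": "TLSv1.1"}}
{"jsonPayload": {"remote_addr": "198.51.100.22", "ssl_protocol": "TLSv1"}}
{"jsonPayload": {"remote_addr": "198.51.100.40", "ssl_protocol": "-"}}
not-json garbage line
{"jsonPayload": {"remote_addr": "198.51.100.41"}}
"""
LEGACY = {"TLSv1", "TLSv1.1"}  # nginx $ssl_protocol values for TLS 1.0 and 1.1


def summarize(lines, client_field="remote_addr"):
    """Return (requests per protocol, client set per protocol, skipped lines)."""
    requests, clients, skipped = Counter(), defaultdict(set), 0
    for line in lines:
        if not line.strip():
            continue
        try:
            payload = json.loads(line)["jsonPayload"]
            proto = payload.get("ssl_protocol") or "-"
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1  # malformed line or record without a jsonPayload object
            continue
        # An empty value or "-" means no TLS protocol was recorded for the request.
        proto = "none" if proto == "-" else proto
        requests[proto] += 1
        clients[proto].add(payload.get(client_field, "unknown"))
    return requests, dict(clients), skipped


def legacy_clients(clients):
    """Clients seen at least once on TLS 1.0 or 1.1, sorted for reporting."""
    return sorted(set().union(*(clients.get(p, set()) for p in LEGACY)))


if __name__ == "__main__":
    reqs, by_proto, skipped = summarize(SAMPLE_LOG.splitlines())
    for proto, n in sorted(reqs.items()):
        print(f"{proto:8} requests={n} clients={len(by_proto[proto])}")
    print("legacy TLS clients:", legacy_clients(by_proto), "skipped:", skipped)
```

Counting distinct clients per protocol, rather than only requests, shows which callers still need to upgrade before TLS 1.0 and 1.1 are disabled.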