{ Community }
  • Academy
  • Docs
  • Developers
  • Resources
    • Community Articles
    • Apigee on GitHub
    • Code Samples
    • Videos & eBooks
    • Accelerator Methodology
  • Support
  • Ask a Question
  • Spaces
    • Product Announcements
    • General
    • Edge/API Management
    • Developer Portal (Drupal-based)
    • Developer Portal (Integrated)
    • API Design
    • APIM on Istio
    • Extensions
    • Business of APIs
    • Academy/Certification
    • Adapter for Envoy
    • Analytics
    • Events
    • Hybrid
    • Integration (AWS, PCF, Etc.)
    • Microgateway
    • Monetization
    • Private Cloud Deployment
    • 日本語コミュニティ
    • Insights
    • IoT Apigee Link
    • BaaS/Usergrid
    • BaaS Transition/Migration
    • Apigee-127
    • New Customers
    • Topics
    • Questions
    • Articles
    • Ideas
    • Leaderboard
    • Badges
  • Log in
  • Sign up

Get answers, ideas, and support from the Apigee Community

  • Home /
  • Edge/API Management /
avatar image
0
Question by AMAR DEVEGOWDA · Dec 20, 2017 at 06:28 PM · 473 Views analyticsprotocols

How to determine what protocol is being used by the clients while connecting to Edge ?

We would like to know what protocols (TLS 1.0, 1.1, or 1.2) are used by the clients while making API requests to Edge. Want to get data around how many clients are using TLS 1.0, 1.1 or 1.2. Is it possible to get this information through Analytics ?

Comment
Add comment
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Close

3 Answers

  • Sort: 
avatar image
0
Best Answer

Answer by AMAR DEVEGOWDA · Mar 04, 2018 at 02:05 PM

After some investigation, I figured out the following information. We have two options:

Option #1: Logs on Elastic Load Balancer

  1. If we have Elastic Load Balancer (ELB) in front of the Apigee Router and the SSL termination happens on the ELB, then we can enable logs on the ELB.
  2. The logs contain the information about the Client IP address and also the Protocol being used to communicate with Apigee Edge.
  3. Refer to this link to understand the log entry format and what each of the fields represent to determine the Client IP and Protocol.

Option #2: Nginx Access Logs on Apigee Router

  1. If the SSL termination happens on the Apigee Router, then Nginx access logs has a field named "jsonPayload.ssl_protocol" which will contain the information of the protocol being used by the clients to communicate with Edge.
    • For ex:
      jsonPayload.ssl_protocol TLSv1.2
Comment
Add comment · Link
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image
1

Answer by Rahul M · Dec 20, 2017 at 09:03 PM

If your security requirements allow for it, there is a possible workaround.

You can terminate TLS at a load balancer infront of the Apigee Router (instead of the Apigee Routers), the load balancer can be configured to capture these TLS attributes and propagate them as HTTP headers.

Whether you can/should use this workaround depends on your InfoSec requirements, placement zone of Apigee Routers , etc.

Comment
Add comment Show 1 · Link
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image AMAR DEVEGOWDA ♦ · Mar 04, 2018 at 01:42 PM 0
Link

@rmishra,

Thanks for your suggestions.

avatar image
0

Answer by Dino   · Dec 20, 2017 at 08:41 PM

Amar, I think that information is not propagated from the router to the MP, when TLS is used.

This page describes the TLS variables. But I believe the doc is out of date. ( @Floyd Jones FYI ) When Apigee moved from the netty router to nginx, the nginx config did not reproduce the netty behavior in this respect. Variables for TLS info related to the client cert were no longer propagated. There is a bug: b/67884063 .

I think the analogous is also true when the connection uses 1way TLS: There is nothing about the protocol or cipher propagated to the MP.

Comment
Add comment · Link
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Follow this Question

Answers Answers and Comments

58 People are following this question.

avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

Related Questions

analytics api 1 Answer

Relocating Edge Analytic Database (PostgreSQL) to Amazon RDS 2 Answers

Would like to know list of apis,products and applications from Apigee of a particular organization. 2 Answers

Developer Registrations Over Time Report 3 Answers

Analytics for organization 1 Answer

  • Products
    • Edge - APIs
    • Insights - Big Data
    • Plans
  • Developers
    • Overview
    • Documentation
  • Resources
    • Overview
    • Blog
    • Apigee Institute
    • Academy
    • Documentation
  • Company
    • Overview
    • Press
    • Customers
    • Partners
    • Team
    • Events
    • Careers
    • Contact Us
  • Support
    • Support Overview
    • Documentation
    • Status
    • Edge Support Portal
    • Privacy Policy
    • Terms & Conditions
© 2021 Apigee Corp. All rights reserved. - Apigee Community Terms of Use - Powered by AnswerHub
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Create an article
  • Post an idea
  • Spaces
  • Product Announcements
  • General
  • Edge/API Management
  • Developer Portal (Drupal-based)
  • Developer Portal (Integrated)
  • API Design
  • APIM on Istio
  • Extensions
  • Business of APIs
  • Academy/Certification
  • Adapter for Envoy
  • Analytics
  • Events
  • Hybrid
  • Integration (AWS, PCF, Etc.)
  • Microgateway
  • Monetization
  • Private Cloud Deployment
  • 日本語コミュニティ
  • Insights
  • IoT Apigee Link
  • BaaS/Usergrid
  • BaaS Transition/Migration
  • Apigee-127
  • New Customers
  • Explore
  • Topics
  • Questions
  • Articles
  • Ideas
  • Badges