
How to: Determine what Protocols are in use with your deployed certificates

Applies to:

Venafi TPP 15.3.x - 17.3.x

Summary:

We can determine which protocols are in use during Network Certificate Validation. To see the details, you must first enable the setting.

To enable the setting:

In Aperture (note: in 16.3 and higher this option is enabled by default):

  1. Click on Configuration
  2. Click on Folders
  3. Click on Policy
  4. Click on Certificate Policy
  5. Scroll down to the checkbox called Detect all supported SSL/TLS protocols

This will enable the data to be collected. You will now be able to click on each successfully validated certificate, determine the protocol and take further action if needed.

More Info:

If you would like to extract the data in bulk this is also possible. The details below can help:

You can export the detected protocol results using our REST API. This can be very slow with large data sets because it does not utilize the recursive option of the methods. We recommend using a database query to get the raw data quickly and then feeding it into a script that parses the protocol result from the Validation Results and translates it to the human-readable format.

1. Attached below is the sample REST API

2. Below is a sample Database Script:

    select o.Parent + '\' + o.Name as ObjectDN, c.AttributeValue as ValidationResults
    from config_objects o, config_contains c
    where o.GUID = c.GUID and c.Attribute = 'Validation Results'
    order by ObjectDN;

 

The first and second “columns” of the ValidationResults are the scanned endpoint IP and port, respectively, and the third “column” is the protocol detection result, which is a bit mask representing each of the five protocols. The following table lists the conversion from numeric value to the human-readable format.

 

| Numeric value | Protocols detected |
|---|---|
| 12 | SSL 2.0 |
| 48 | SSL 3.0 |
| 60 | SSL 2.0, SSL 3.0 |
| 192 | TLS 1.0 |
| 204 | SSL 2.0, TLS 1.0 |
| 240 | SSL 3.0, TLS 1.0 |
| 252 | SSL 2.0, SSL 3.0, TLS 1.0 |
| 768 | TLS 1.1 |
| 780 | SSL 2.0, TLS 1.1 |
| 816 | SSL 3.0, TLS 1.1 |
| 960 | TLS 1.0, TLS 1.1 |
| 828 | SSL 2.0, SSL 3.0, TLS 1.1 |
| 972 | SSL 2.0, TLS 1.0, TLS 1.1 |
| 1008 | SSL 3.0, TLS 1.0, TLS 1.1 |
| 1020 | SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1 |
| 3072 | TLS 1.2 |
| 3084 | SSL 2.0, TLS 1.2 |
| 3120 | SSL 3.0, TLS 1.2 |
| 3264 | TLS 1.0, TLS 1.2 |
| 3840 | TLS 1.1, TLS 1.2 |
| 3132 | SSL 2.0, SSL 3.0, TLS 1.2 |
| 3276 | SSL 2.0, TLS 1.0, TLS 1.2 |
| 3852 | SSL 2.0, TLS 1.1, TLS 1.2 |
| 3312 | SSL 3.0, TLS 1.0, TLS 1.2 |
| 3888 | SSL 3.0, TLS 1.1, TLS 1.2 |
| 4032 | TLS 1.0, TLS 1.1, TLS 1.2 |
| 3324 | SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.2 |
| 3900 | SSL 2.0, SSL 3.0, TLS 1.1, TLS 1.2 |
| 4044 | SSL 2.0, TLS 1.0, TLS 1.1, TLS 1.2 |
| 4080 | SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 |
| 4092 | SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 |
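The parsing script recommended above could look like the following. This is an added example, not Venafi's own code: it decodes the bit mask from the single-protocol values in the conversion table instead of looking up all 31 combinations, and it flags deprecated protocols per endpoint. The separator inside ValidationResults (`FIELD_SEP`), the function names, and the sample rows are assumptions constructed for illustration.

```python
FIELD_SEP = ","  # ASSUMPTION: column separator inside ValidationResults; adjust to your data

# Single-protocol values from the conversion table; each protocol is a two-bit flag.
PROTOCOL_FLAGS = [(12, "SSL 2.0"), (48, "SSL 3.0"), (192, "TLS 1.0"),
                  (768, "TLS 1.1"), (3072, "TLS 1.2")]
# Deprecated by RFC 6176 (SSL 2.0), RFC 7568 (SSL 3.0) and RFC 8996 (TLS 1.0/1.1).
LEGACY = {"SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1"}

def decode_mask(mask):
    """Return (protocol names, leftover bits not explained by the table)."""
    names, covered = [], 0
    for flag, name in PROTOCOL_FLAGS:
        if mask & flag == flag:      # both bits of the pair must be set
            names.append(name)
            covered |= flag
    return names, mask & ~covered

def parse_result(value, sep=FIELD_SEP):
    """Split one ValidationResults value into (ip, port, mask); extra columns are ignored."""
    cols = [c.strip() for c in value.split(sep)]
    if len(cols) < 3:
        raise ValueError(f"expected at least 3 columns, got {len(cols)}: {value!r}")
    return cols[0], int(cols[1]), int(cols[2])

def report(rows, sep=FIELD_SEP):
    """rows: (ObjectDN, ValidationResults) pairs as returned by the database query."""
    findings = []
    for dn, value in rows:
        try:
            ip, port, mask = parse_result(value, sep)
        except ValueError as exc:    # short row or non-numeric port/mask
            findings.append({"dn": dn, "error": str(exc)})
            continue
        names, leftover = decode_mask(mask)
        findings.append({"dn": dn, "endpoint": f"{ip}:{port}", "protocols": names,
                         "legacy": [n for n in names if n in LEGACY],
                         "unknown_bits": leftover})
    return findings

# Constructed sample rows (not real data), in the shape the query returns.
SAMPLE_ROWS = [
    (r"\VED\Policy\Certificates\web01.example.com", "192.0.2.10,443,4032"),
    (r"\VED\Policy\Certificates\legacy.example.com", "192.0.2.20,8443,252"),
    (r"\VED\Policy\Certificates\broken.example.com", "192.0.2.30"),
]

if __name__ == "__main__":
    for finding in report(SAMPLE_ROWS):
        print(finding)
```

A non-zero `unknown_bits` means the mask contains bits the table does not cover, so review that row by hand.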

 

 
