Provide Event Detector to Alert if SSL V3 detected

Idea created by BobDavidson on Jul 7, 2017
    Delivered
    Score3
    • jwhitcomb
    • BobDavidson
    • Paul-Williams

    Provide the capability to define an Event Detector that would be able to generate an alert or run a process if selected SSL level (SSL V2/V3 TLS 1.0 1.1 1.2 etc) was detected as being used by a connection on selected IP addresses ranges and or port.

     

     

    We have a use case whereby when CICS is configure to support TLS 1.2 then the older protocols SSL 3.0 and SSL 2.0 are disabled and no longer accepted.

     

    Therefore before we can implement TLS 1.2 in Production we need to be 100% certain that no traffic to those ports that are to be upgrade use the old SSL levels. This information is unavailable in SMF records unless ATTLS is in use which is generally not the case for CICS.

    Therefore we need this type of mechanism to be able to detect any of this legacy traffic.