DataPower

  • 1.  Log TLS Version and Cipher

    Posted Sun August 30, 2020 05:33 PM

    Hi

    Can someone help with the XSLT to capture and log the TLS version and cipher?

    I am trying to do the below and it doesn't work

    <xsl:variable name="tlsinfo">
      <xsl:copy-of select="dp:variable('var://service/tls-info')"/>
    </xsl:variable>
    <dp:set-variable name="'var://context/TLS/info'" value="$tlsinfo"/>
    <dp:set-variable name="'var://context/TLS/version'" value="$tlsinfo/tls-info/version"/>
    <dp:set-variable name="'var://context/TLS/cipher'" value="$tlsinfo/tls-info/cipher"/>

    Basically I am trying to save it in a context separately and log it separately.

    Thanks



    #DataPower
    #Support
    #SupportMigration


  • 2.  RE: Log TLS Version and Cipher
    Best Answer

    Posted Mon August 31, 2020 08:55 AM

    So I dropped your XSLT snippet plus three debug log statements into a MPGW dummy processing policy as XSLT Transform Action with input NULL and output NULL.

    <?xml version="1.0" encoding="utf-8"?>
    <xsl:stylesheet version="1.0"
      xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
      xmlns:dp="http://www.datapower.com/extensions"
      extension-element-prefixes="dp"
      exclude-result-prefixes="dp">
      <xsl:template match="/">
        <!-- Copy the TLS details of the current connection -->
        <xsl:variable name="tlsinfo">
          <xsl:copy-of select="dp:variable('var://service/tls-info')"/>
        </xsl:variable>
        <!-- Three debug log statements -->
        <xsl:message dp:priority="debug"><xsl:copy-of select="concat('tlsinfo=',$tlsinfo)"/></xsl:message>
        <xsl:message dp:priority="debug"><xsl:value-of select="concat('tlsinfo/tls-info/version=',$tlsinfo/tls-info/version)"/></xsl:message>
        <xsl:message dp:priority="debug"><xsl:value-of select="concat('tlsinfo/tls-info/cipher=',$tlsinfo/tls-info/cipher)"/></xsl:message>
        <dp:set-variable name="'var://context/TLS/info'" value="$tlsinfo"/>
        <dp:set-variable name="'var://context/TLS/version'" value="$tlsinfo/tls-info/version"/>
        <dp:set-variable name="'var://context/TLS/cipher'" value="$tlsinfo/tls-info/cipher"/>
      </xsl:template>
    </xsl:stylesheet>

    This successfully writes the log messages:

    8:44:26AM xsltmsg debug 16240 request 192.168.0.10 0x80000001 mpgw(tls-info):tlsinfo/tls-info/cipher=ECDHE-RSA-AES256-GCM-SHA384
    8:44:26AM xsltmsg debug 16240 request 192.168.0.10 0x80000001 mpgw(tls-info):tlsinfo/tls-info/version=TLSv1.2
    8:44:26AM xsltmsg debug 16240 request 192.168.0.10 0x80000001 mpgw(tls-info):tlsinfo=TLSv1.2ECDHE-RSA-AES256-GCM-SHA384my.dp.comX98X5SkzfhYL0wD73f61Ox695pcTMiUHkSjeSKuwJgE=

    And the set variables can also be seen filled in Context Variables tab in Probe after the Transform Action.

    So with the limited information so far it is unclear what is missing for you. It is an SSL/TLS connection, right? ;-)

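Once the version and cipher are in the log, they can be checked against a TLS baseline. The following is an added example, not part of the original thread and not IBM code: it parses `xsltmsg` lines in the layout quoted above and reports transactions that fall outside a policy. The field layout, the policy values, and every sample line after the first two are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Field layout inferred from the log lines quoted in the thread (assumption).
LINE_RE = re.compile(
    r"^\S+\s+xsltmsg\s+\S+\s+(?P<tid>\d+)\s+\S+\s+(?P<client>\S+)\s+\S+\s+"
    r"\S+?\([^)]*\):\s*tlsinfo/tls-info/(?P<field>version|cipher)=(?P<value>\S+)$"
)
# Constructed policy for illustration; replace with your own baseline.
ALLOWED_VERSIONS = {"TLSv1.2", "TLSv1.3"}
WEAK_MARKERS = ("RC4", "DES-CBC", "MD5", "NULL", "EXP-")
# First two lines are from the thread; the rest are constructed samples.
SAMPLE = """\
8:44:26AM xsltmsg debug 16240 request 192.168.0.10 0x80000001 mpgw(tls-info):tlsinfo/tls-info/cipher=ECDHE-RSA-AES256-GCM-SHA384
8:44:26AM xsltmsg debug 16240 request 192.168.0.10 0x80000001 mpgw(tls-info):tlsinfo/tls-info/version=TLSv1.2
8:45:02AM xsltmsg debug 16241 request 192.168.0.11 0x80000001 mpgw(tls-info):tlsinfo/tls-info/cipher=AES128-SHA
8:45:02AM xsltmsg debug 16241 request 192.168.0.11 0x80000001 mpgw(tls-info):tlsinfo/tls-info/version=TLSv1
8:45:40AM xsltmsg debug 16242 request 192.168.0.12 0x80000001 mpgw(tls-info):tlsinfo/tls-info/cipher=DES-CBC3-SHA
8:45:40AM xsltmsg debug 16242 request 192.168.0.12 0x80000001 mpgw(tls-info):tlsinfo/tls-info/version=TLSv1.2
8:46:11AM xsltmsg debug 16243 request 192.168.0.13 0x80000001 mpgw(tls-info):tlsinfo/tls-info/version=TLSv1.2
""".splitlines()

def parse(lines):
    """Group version/cipher messages by (transaction id, client IP)."""
    sessions = defaultdict(dict)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # lines that are not version/cipher messages are skipped
            sessions[(m["tid"], m["client"])][m["field"]] = m["value"]
    return dict(sessions)

def findings(sessions):
    """Return (tid, client, reason) for each policy violation."""
    out = []
    for (tid, client), info in sorted(sessions.items()):
        version, cipher = info.get("version"), info.get("cipher")
        if version is None or cipher is None:
            out.append((tid, client, "incomplete TLS record"))
            continue
        if version not in ALLOWED_VERSIONS:
            out.append((tid, client, f"protocol {version} not allowed"))
        if any(mark in cipher.upper() for mark in WEAK_MARKERS):
            out.append((tid, client, f"weak cipher {cipher}"))
        elif version != "TLSv1.3" and not cipher.startswith(("ECDHE-", "DHE-")):
            out.append((tid, client, f"no forward secrecy: {cipher}"))
    return out

if __name__ == "__main__":
    print(*findings(parse(SAMPLE)), sep="\n")
```
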


  • 3.  RE: Log TLS Version and Cipher
    Best Answer

    Posted Tue September 08, 2020 08:39 AM

    Thanks AugustDP. Not sure I ran the same way and now I get the expected log and context set.

    Thank you for the response

    Thanks

    Deepak


