In modern web environments, HTTPS and SSL are key to ensuring the security and privacy of transactions and business services.
In the past few years there have been many public and embarrassing security breaches, which have forced the industry to strengthen different aspects of SSL and HTTPS.
One of these changes is the more prevalent use of Diffie-Hellman (DH) key exchange.
DH is designed to eliminate the possibility of “man in the middle” decryption by ensuring that only the SSL endpoints can securely exchange ciphers. Unfortunately, this “man in the middle” decryption is the basis for all passive web monitors that sit between these SSL endpoints, such as APM’s CEM Transaction Impact Monitor (TIM).
Another is the use of “Extended Master Secret” for TLS which also works to eliminate the ability to inject arbitrary data into the beginning of a secured connection. This also affects passive web monitoring in a similar way to DH.
These recent TLS features are not supported by APM TIM.
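To check whether a given server negotiates either feature, the ServerHello can be inspected for the chosen cipher suite and the extended_master_secret extension (type 0x0017, RFC 7627). The following is an added example, not code from APM or from the original article; the function names, the short list of static-RSA suites and the sample record are assumptions constructed for illustration.

```python
import struct

# Static-RSA key exchange suites (IANA code points). Only these let a passive
# monitor that holds the server's private key recover the session keys.
RSA_KX_SUITES = {0x002F, 0x0035, 0x003C, 0x003D, 0x009C, 0x009D}
EXT_EXTENDED_MASTER_SECRET = 0x0017  # RFC 7627

def inspect_server_hello(record: bytes) -> dict:
    """Report the negotiated suite and EMS flag from one ServerHello record."""
    try:
        ctype, _ver, rlen = struct.unpack("!BHH", record[:5])
        body = record[5:5 + rlen]
        if ctype != 0x16 or len(body) != rlen or body[0] != 0x02:
            raise ValueError("not a complete ServerHello record")
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        pos = 2 + 32                      # skip server_version and random
        pos += 1 + hello[pos]             # skip session_id
        (suite,) = struct.unpack("!H", hello[pos:pos + 2])
        pos += 3                          # cipher suite + compression method
        ext_types = set()
        if pos < len(hello):              # extensions block is optional
            (ext_len,) = struct.unpack("!H", hello[pos:pos + 2])
            pos, end = pos + 2, pos + 2 + ext_len
            if end > len(hello):
                raise ValueError("extensions overrun the handshake body")
            while pos < end:
                etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
                ext_types.add(etype)
                pos += 4 + elen
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed or truncated ServerHello") from exc
    static_rsa = suite in RSA_KX_SUITES
    ems = EXT_EXTENDED_MASTER_SECRET in ext_types
    # Assumption from the article: the monitor supports neither DH nor EMS.
    return {"cipher_suite": f"0x{suite:04X}", "static_rsa_kx": static_rsa,
            "extended_master_secret": ems,
            "passive_monitor_ok": static_rsa and not ems}

def build_sample(suite: int, ems: bool) -> bytes:
    """Constructed TLS 1.2 ServerHello record (not captured traffic)."""
    exts = struct.pack("!HH", 0xFF01, 1) + b"\x00"   # renegotiation_info
    if ems:
        exts += struct.pack("!HH", EXT_EXTENDED_MASTER_SECRET, 0)
    hello = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite)
             + b"\x00" + struct.pack("!H", len(exts)) + exts)
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs
```

Any suite outside the static-RSA set is reported as not monitorable, which also covers DHE, ECDHE and TLS 1.3 suites.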
What are some of the limitations with APM TIM and the available workarounds?
All supported APM TIM releases