JANUS SSLSTAT or SSLSTATUS: Difference between revisions

m (link repair)
 
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{DISPLAYTITLE:JANUS SSLSTAT or SSLSTATUS}}
{{DISPLAYTITLE:JANUS SSLSTAT or SSLSTATUS}}
<span class="pageSubtitle">SSLSTAT or SSLSTATUS</span>
<span class="pageSubtitle">Display SSL activity</span>


JANUS SSLSTAT and JANUS SSLSTATUS are simply two ways of issuing the same command. The JANUS SSLSTAT or SSLSTATUS command provides a detailed display of the SSL activity for each combination of Janus port and network security protocol. "SSL activity" refers to ''[http://www.sirius-software.com/maint/download/jansslr.pdf Janus Network Security]'' encrypted communications on a Janus port whose definition includes an SSL parameter specification. <var class="product">Janus Network Security</var> supports the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols.
<var>JANUS SSLSTAT</var> and <var>JANUS SSLSTATUS</var> are simply two ways of issuing the same command. The <var>JANUS SSLSTAT</var> or <var>SSLSTATUS</var> command provides a detailed display of the SSL activity for each combination of Janus port and network security protocol. "SSL activity" refers to <var class="product">[[Janus Network Security]]</var> encrypted communications on a Janus port whose definition includes an SSL parameter specification. <var class="product">Janus Network Security</var> supports the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols.


==Syntax==
==Syntax==
<p class="syntax">JANUS SSLSTATUS portname
<p class="syntax">JANUS SSLSTATUS <span class="term">portname</span>
</p>
</p>


Where <var class="term">portname</var> is the name of the port(s) to display. <var class="term">portname</var> defaults to an asterisk (<tt>*</tt>) to display the SSL activity on all ports.
Where <var class="term">portname</var> is the name of the port(s) to display. <var class="term">portname</var> defaults to an asterisk (<tt>*</tt>) to display the SSL activity on all ports.


For example, the following command would display the encrypted connection activity on all defined ports:  
For example, the following sample command, which displays the encrypted connection activity on all defined ports, is followed by its output:
<p class="code">JANUS SSLSTATUS *
<p class="code">JANUS SSLSTATUS *</p>
 
<p class="output"> Name          Port  Type    Stat  Prot  Connects  SesNew  SesNF  SesTO Errs
JANWEBS        443 WEBSERV  Start SSLV2        1      1      0      0    0
JANWEBS        443 WEBSERV  Start 3/TLS      308    180      0      0  30
UKWEBS          443 WEBSERV  Stop  SSLV2        0      0      0      0    0
UKWEBS          443 WEBSERV  Stop  3/TLS        0      0      0      0    0
CLUBWEBS        443 WEBSERV  Stop  SSLV2        0      0      0      0    0
CLUBWEBS        443 WEBSERV  Stop  3/TLS        0      0      0      0    0
MKIWEBS        443 WEBSERV  Stop  SSLV2        0      0      0      0    0
MKIWEBS        443 WEBSERV  Stop  3/TLS        0      0      0      0    0
HOCKEYS        443 WEBSERV  Start SSLV2        1      1      0      0    0
HOCKEYS        443 WEBSERV  Start 3/TLS        9      9      0      0    0
XTENDS        7879 WEBSERV  Start SSLV2        0      0      0      0    0
XTENDS        7879 WEBSERV  Start 3/TLS        0      0      0      0    0
</p>
</p>


==Output==
==Command output==
JANUS SSLSTATUS provides the following information:
<var>JANUS SSLSTATUS</var> provides the following columns of information:
<table>
<table>
<tr><th><var>Name</var></th>
<tr><th><var>Name</var></th>
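Review bot: In the Syntax paragraph, the revised line `JANUS SSLSTATUS <span class="term">portname</span>` still shows only the SSLSTATUS spelling and presents portname as required, while the text around it says SSLSTAT issues the same command and that portname defaults to `*`. Consider showing both spellings and marking portname as optional in the syntax line. The term is also wrapped in `<span class="term">` here but in `<var class="term">` in the sentence that follows; using one form consistently would be tidier.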
Line 37: Line 51:
<td>Number of TCP/IP connections made to the port.  
<td>Number of TCP/IP connections made to the port.  
<p>
<p>
For a WEBSERV port, this corresponds to the number of "hits" or pages requested from the server.</p></td></tr>
For a <var>[[JANUS DEFINE#type|WEBSERV]]</var> port, this corresponds to the number of "hits" or pages requested from the server.</p></td></tr>


<tr><th><var>SesNew</var></th>
<tr><th><var>SesNew</var></th>
Line 52: Line 66:
<td>The number of times a browser tried to continue an SSL/TLS session but Janus decided that the session information in its session cache had expired.  
<td>The number of times a browser tried to continue an SSL/TLS session but Janus decided that the session information in its session cache had expired.  
<p>
<p>
These timeouts are only likely to happen if the default SSL session life-spans are overridden with the SSLMAXAGE parameter () on the JANUS DEFINE command. If SSLMAXAGE is not defined, both Janus and the other side of an encrypted connection are likely to be using the same default life-spans for secure sessions: 2 minutes for SSL V2, and 24 hours for SSL V3 and TLS. </p>
These timeouts are only likely to happen if the default SSL session life-spans are overridden with the <var>[[SSLMAXAGE (JANUS DEFINE parameter)|SSLMAXAGE]]</var> parameter on the <var>JANUS DEFINE</var> command. If <var>SSLMAXAGE</var> is not defined, both Janus and the other side of an encrypted connection are likely to be using the same default life-spans for secure sessions: 2 minutes for SSL V2, and 24 hours for SSL V3 and TLS. </p>
<p>
<p>
If both client and server have identical values for the maximum SSL/TLS session life-span, there is a slight chance that a client will decide that a secure session is still valid (by say one millisecond), but the delay between this and the time the server receives the request is long enough for the server to decide the session is expired. Even so, an expired session simply forces the client and server to start a new session by exchanging a new "master-secret" using public-key/private-key encryption/decryption. Otherwise, processing continues as usual over the connection.</p></td></tr>
If both client and server have identical values for the maximum SSL/TLS session life-span, there is a slight chance that a client will decide that a secure session is still valid (by say one millisecond), but the delay between this and the time the server receives the request is long enough for the server to decide the session is expired. Even so, an expired session simply forces the client and server to start a new session by exchanging a new "master-secret" using public-key/private-key encryption/decryption. Otherwise, processing continues as usual over the connection.</p></td></tr>
Line 61: Line 75:
By far, the most common cause of these protocol errors is an attempt to connect to a secured port using something other than SSL or TLS: either unencrypted data or an unsupported protocol.</p></td></tr>
By far, the most common cause of these protocol errors is an attempt to connect to a secured port using something other than SSL or TLS: either unencrypted data or an unsupported protocol.</p></td></tr>
</table>
</table>
==See also==
<ul>
<li>[[List of Janus commands]]
</ul>


[[Category:Janus commands|JANUS SSLSTAT or SSLSTATUS]]
[[Category:Janus commands|JANUS SSLSTAT or SSLSTATUS]]

Latest revision as of 22:47, 31 May 2016

Display SSL activity

JANUS SSLSTAT and JANUS SSLSTATUS are simply two ways of issuing the same command. The JANUS SSLSTAT or SSLSTATUS command provides a detailed display of the SSL activity for each combination of Janus port and network security protocol. "SSL activity" refers to Janus Network Security encrypted communications on a Janus port whose definition includes an SSL parameter specification. Janus Network Security supports the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols.

Syntax

JANUS SSLSTATUS portname

Where portname is the name of the port(s) to display. portname defaults to an asterisk (*) to display the SSL activity on all ports.

For example, the following sample command, which displays the encrypted connection activity on all defined ports, is followed by its output:

JANUS SSLSTATUS *

Name      Port  Type     Stat   Prot   Connects  SesNew  SesNF  SesTO  Errs
JANWEBS    443  WEBSERV  Start  SSLV2         1       1      0      0     0
JANWEBS    443  WEBSERV  Start  3/TLS       308     180      0      0    30
UKWEBS     443  WEBSERV  Stop   SSLV2         0       0      0      0     0
UKWEBS     443  WEBSERV  Stop   3/TLS         0       0      0      0     0
CLUBWEBS   443  WEBSERV  Stop   SSLV2         0       0      0      0     0
CLUBWEBS   443  WEBSERV  Stop   3/TLS         0       0      0      0     0
MKIWEBS    443  WEBSERV  Stop   SSLV2         0       0      0      0     0
MKIWEBS    443  WEBSERV  Stop   3/TLS         0       0      0      0     0
HOCKEYS    443  WEBSERV  Start  SSLV2         1       1      0      0     0
HOCKEYS    443  WEBSERV  Start  3/TLS         9       9      0      0     0
XTENDS    7879  WEBSERV  Start  SSLV2         0       0      0      0     0
XTENDS    7879  WEBSERV  Start  3/TLS         0       0      0      0     0

Command output

JANUS SSLSTATUS provides the following columns of information:

Name: Name defined to the TCP/IP port.

Port: TCP/IP port number.

Type: IFDIAL, SDS, OAS, OMNI, OPENSERV, WEBSERV, CLSOCK, or SRVSOCK.

Stat: Status of the connection (started, stopped, forcing, or draining).

Prot: The security protocol to which the line applies.

One line is displayed for each port for each protocol. Currently, the supported protocols are SSL version 2 (V2), SSL V3, and TLS V1.

Connects: Number of TCP/IP connections made to the port.

For a WEBSERV port, this corresponds to the number of "hits" or pages requested from the server.

SesNew: Number of new SSL/TLS sessions created for the port.

SesNew is never greater than Connects, because the worst case is that each new connection requires a new session. A new session requires the exchange of a "master-secret" using computationally expensive public-key/private-key encryption/decryption. Because of the cost of this exchange, most SSL/TLS implementations try to re-use a master-secret from a previous connection. All connections that use the same master-secret are part of an SSL/TLS session. Ideally, SesNew would be significantly less than Connects.

SesNF: The number of times a browser tried to continue an SSL/TLS session but Janus was unable to locate the session information in its session cache.

This not-found situation is only likely to happen if the session information was displaced from the session cache by other sessions. If SesNF is a large value, it might be worth increasing the size of the SSL session cache with the SSLCACHE parameter on the JANUS DEFINE command. From a client's perspective, a session-not-found situation can also occur if the port (or possibly the Online) serving the connection was cycled since the client's last connection, but this is not counted as part of SesNF.

SesTO: The number of times a browser tried to continue an SSL/TLS session but Janus decided that the session information in its session cache had expired.

These timeouts are only likely to happen if the default SSL session life-spans are overridden with the SSLMAXAGE parameter on the JANUS DEFINE command. If SSLMAXAGE is not defined, both Janus and the other side of an encrypted connection are likely to be using the same default life-spans for secure sessions: 2 minutes for SSL V2, and 24 hours for SSL V3 and TLS.

If both client and server have identical values for the maximum SSL/TLS session life-span, there is a slight chance that a client will decide that a secure session is still valid (by, say, one millisecond), but the delay between this and the time the server receives the request is long enough for the server to decide the session is expired. Even so, an expired session simply forces the client and server to start a new session by exchanging a new "master-secret" using public-key/private-key encryption/decryption. Otherwise, processing continues as usual over the connection.

Errs: The number of security protocol errors.

By far, the most common cause of these protocol errors is an attempt to connect to a secured port using something other than SSL or TLS: either unencrypted data or an unsupported protocol.
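
The column guidance above can be applied mechanically to captured command output. The following Python sketch is an added example, not part of the Janus documentation or product: it parses a saved SSLSTATUS display and reports, per port and protocol line, the session re-use rate and any counters worth a look. The function names and the two ratio thresholds are assumptions of this example.

```python
# Added example: parse JANUS SSLSTATUS output and apply the column guidance.
SAMPLE = """\
Name          Port  Type    Stat  Prot  Connects  SesNew  SesNF  SesTO Errs
JANWEBS        443 WEBSERV  Start SSLV2        1      1      0      0    0
JANWEBS        443 WEBSERV  Start 3/TLS      308    180      0      0   30
UKWEBS         443 WEBSERV  Stop  3/TLS        0      0      0      0    0
HOCKEYS        443 WEBSERV  Start 3/TLS        9      9      0      0    0
"""  # rows taken from the page's sample output

COUNTERS = ("Connects", "SesNew", "SesNF", "SesTO", "Errs")

def parse_sslstatus(text):
    """Return one dict per port/protocol line; columns are whitespace-separated."""
    lines = [l for l in text.splitlines() if l.strip()]
    header = lines[0].split()
    rows = []
    for line in lines[1:]:
        fields = line.split()
        if len(fields) != len(header):
            raise ValueError(f"unexpected column count: {line!r}")
        row = dict(zip(header, fields))
        for key in ("Port",) + COUNTERS:
            row[key] = int(row[key])
        rows.append(row)
    return rows

def reuse_rate(row):
    """Fraction of connections that re-used an existing session's master-secret."""
    return 1 - row["SesNew"] / row["Connects"] if row["Connects"] else None

def review(row, nf_ratio=0.05, err_ratio=0.05):
    """Return findings for one line. Both ratio thresholds are assumptions."""
    findings = []
    connects = row["Connects"]
    if connects == 0:
        return findings  # nothing to judge on an idle or stopped port
    if row["SesNew"] > connects:
        findings.append("inconsistent: SesNew exceeds Connects")
    if row["SesNF"] / connects > nf_ratio:
        findings.append("sessions displaced from cache: consider larger SSLCACHE")
    if row["SesTO"] > 0:
        findings.append("session timeouts: check SSLMAXAGE on JANUS DEFINE")
    if row["Errs"] / connects > err_ratio:
        findings.append("protocol errors: non-SSL/TLS or unsupported clients")
    return findings

if __name__ == "__main__":
    for r in parse_sslstatus(SAMPLE):
        print(r["Name"], r["Prot"], reuse_rate(r), review(r))
```
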

See also