Does the APM Websphere Agent support TLS 1.1/1.2 if configured on the WAS server?

book

Article ID: 14705

calendar_today

Updated On:

Products

APP PERF MANAGEMENT CA Application Performance Management Agent (APM / Wily / Introscope) CUSTOMER EXPERIENCE MANAGER INTROSCOPE

Issue/Introduction

    This is the first time that this has been documented. It is based on what is understood after reviewing APM documents and having lengthy conversations with APM Engineering. This may not cover all aspects of this issue properly. In the near future, this is very likely to be revised with a more detailed explanation.



Could you please confirm if TLS 1.1/1.2 is supported with WebSphere APM Agent (WAS) and CA APM for Web Servers?

Environment

All APM releases running WebSphere Application Server or CA APM for Web Servers. The customer asking the question had APM WAS Agent using 10.3 under CentOS7.3.

Resolution

CA WebSphere APM Agent (WAS) over CentOS does not use the TLS/SSL version configured on the WebSphere Application Server.  APM only does byte code instrumentation of JAVA classes, generates performance metrics and report them to the CA APM Enterprise Manager server. 

Note that typically an application relies on the operating system to determine the cryptography of the connection including the TLS released used.

Additional Information

https://docops.ca.com/ca-apm/10-5/en/extending/web-server-monitoring/ca-apm-for-web-servers-faqs/

 

 The CA APM for Web Servers supports only SSL v3.0 and TLS v1.0 protocols. You cannot monitor the IIS web server running over PCT 1.0 or the SSL v2.0 protocol.