INFO: SSL Decryption Problems due to Diffie-Hellman key exchange
This article applies to:
- Not seeing any events on port 443 (SSL traffic)
When it appears that the systems are seeing SSL traffic but decryption is not functioning, check that the webserver is not configured for Diffie-Hellman key exchange. This algoorithm is not supported in any version of WebDefend.
- A common reason for this problem is a test Apache server that was not re-configured for the production environment.
To determine whether Diffie-Hellman is in use, check the ssl_debug.log file in the logs directory of each product.