Capturing and logging TLS headers

Hello,

We enabled capturing of the TLS variables as mentioned in the documentation:

"propagateTLSInformation" : {
  "connectionProperties" : true,
  "clientProperties" : true
}

We can see the TLS variables in the trace under X-Apigee.tls.*; however, we are unable to log these header values. Is there something special that needs to be done to capture and log the headers under X-Apigee.tls.*?


Which version? Maybe reach out to Apigee support. Some reading on a known issue:

https://www.googlecloudcommunity.com/gc/Apigee/TLS-information-flow-variables/td-p/10286

 

We are able to see the X-Apigee.tls.* headers in the trace but unable to capture them using getVariables to be able to log them. We are on the public cloud version 4.51.

Can you explain what you mean by this?

"unable to capture them using getVariables to be able to log them."

What is getVariables? Can you show some code or policy configuration? And can you explain what you mean by "unable"? What specifically are you observing?

Hi Dino,


We are trying the below in a JS:

 

context.setVariable('apigee.protocol',context.getVariable('request.header.X-Apigee.tls.protocol'));
context.setVariable('apigee.server',context.getVariable('request.header.X-Apigee.tls.server.name'));
context.setVariable('apigee.session',context.getVariable('request.header.X-Apigee.tls.session.id'));
context.setVariable('apigee.cipher',context.getVariable('request.header.X-Apigee.tls.cipher'));

When we look into the variables like 'apigee.cipher', 'apigee.protocol', nothing is being set.

Try this: 

use something other than "apigee." as the prefix. Use something like "incoming." or any other word.

It's possible that you're running into a sneaky problem in Apigee that disallows you from writing variables with a reserved prefix. If I am correct, then if you look in the Trace output for the JavaScript step, you will see an equals sign with a line through it ( ⧣ ), for each one of those context.setVariable() statements. That is a visual indication that the setVariable() call failed.

The workaround is to use a different prefix.

Changed the variable name to "inbound.", but still having the same issue. Below are the two screenshots:

[Screenshots: srsapi_0-1632184852959.png, srsapi_1-1632184864516.png]

ACCEPTED SOLUTION

I think I figured it out. Even though they are getting listed as header variables, we need to access them as flow variables. Something like below worked for me and I see values getting set properly:

context.setVariable('inbound.protocol',context.getVariable('tls.protocol'));
context.setVariable('inbound.server',context.getVariable('tls.server.name'));
context.setVariable('inbound.session',context.getVariable('tls.session.id'));
context.setVariable('inbound.cipher',context.getVariable('tls.cipher'));

Correct. These variables are retrieved as normal. AFAIK not all variables are available, though; Apigee support can provide more information on any known issues.
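
An added example, not code from any poster in this thread: it reads the tls.* flow variables named in the accepted solution, skips any that are unset (as the last reply notes can happen), and builds one JSON string for a logging policy to reference. The names captureTlsVariables, makeMockContext and the tls_log variable are hypothetical, and the mock context and its sample values are constructed so the block runs outside Apigee.

```javascript
// Flow variable names from the thread: read as tls.*, not request.header.X-Apigee.tls.*
var TLS_VARIABLES = ['tls.protocol', 'tls.server.name', 'tls.session.id', 'tls.cipher'];

// Copies each populated tls.* flow variable to "<prefix>.<name>" and builds one
// JSON string for logging. Unset variables are listed under "missing" instead
// of being written out as the string "null".
function captureTlsVariables(ctx, prefix) {
  var captured = {};
  var missing = [];
  TLS_VARIABLES.forEach(function (name) {
    var value = ctx.getVariable(name);
    if (value === null || value === undefined || String(value) === '') {
      missing.push(name);
      return;
    }
    var shortName = name.substring('tls.'.length);
    captured[shortName] = String(value);
    ctx.setVariable(prefix + '.' + shortName, String(value));
  });
  var logLine = JSON.stringify({ tls: captured, missing: missing });
  ctx.setVariable(prefix + '.tls_log', logLine); // hypothetical variable name
  return { captured: captured, missing: missing, logLine: logLine };
}

// Constructed stand-in for the Apigee context object (assumption: only
// getVariable/setVariable are needed), so the block runs offline.
function makeMockContext(initial) {
  var vars = {};
  Object.keys(initial).forEach(function (k) { vars[k] = initial[k]; });
  return {
    getVariable: function (name) {
      return Object.prototype.hasOwnProperty.call(vars, name) ? vars[name] : null;
    },
    setVariable: function (name, value) { vars[name] = value; }
  };
}

// Constructed sample values; tls.session.id is left unset on purpose.
var sampleContext = makeMockContext({
  'tls.protocol': 'TLSv1.2',
  'tls.server.name': 'api.example.com',
  'tls.cipher': 'ECDHE-RSA-AES128-GCM-SHA256'
});
var sampleResult = captureTlsVariables(sampleContext, 'inbound');
console.log(sampleResult.logLine);
```

Inside a JavaScript policy the call would be captureTlsVariables(context, 'inbound'), with the mock and sample lines dropped.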