We often get Secure+ error messages (prefix CSPA) that don’t necessarily indicate a Secure+ issue. This makes it difficult to monitor for errors. The error messages that have caused us the most difficulty are:
We often see these error messages but they reflect a transient networking issue rather than an actual Secure+ error. That makes it difficult to alert on Secure+ issues because of the large number of false positives we would generate with a simple message alert.
If the SSL handshake fails because the remote side doesn’t respond or sends a TCP reset, we would like the error message to indicate that as opposed to the case where the SSL handshake fails because of a true SSL handshake failure. The former error is transient while the latter will require some change to the security configuration on either the remote or local node to correct the problem.
I’ve attached a document showing some examples of CSPA error messages followed by successful connections.
How will this idea be used?
If implemented, we will use this idea to improve the monitoring of remote nodes. Currently, we have a custom-built monitor running in CA's Netmaster product that checks connectivity to remote nodes by submitting a "heartbeat" process periodically and monitoring whether the connection succeeds. with accurate diagnostic messages we will more easily be able to alert our Operations team if there are Secure+ issues.
|What is your industry?||Financial Markets|
|What is the idea priority?||Medium|
|Link to original RFE|