The eBPF libraries enable sophisticated kernel-level packet filtering and analysis. The Cequence Unified API Protection (UAP) platform integrates with eBPF and captures TLS traffic from OpenSSL, GnuTLS, BoringSSL and NSPR.
eBPF Support Matrix
Because of the way various languages implement TLS, eBPF does not universally support all applications. Linux kernel 4.18 is later is required for all eBPF based deployments.
Application | TLS capture using eBPF |
Nginx | Supported |
Apache | Supported |
Python | Supported |
NodeJS | Unsupported |
Java | Unsupported |
Netty Tcnative (Forked Tomcat Native) | Unsupported |
Envoy | Unsupported |
Note: Check out the eBPF Limitations article for more information.
Integration Methods
You can use either of the following methods to integrate in the supported Linux environments.
- Cequence eBPF based TLS Sensor: Cequence supports Package and DaemonSet based deployments of eBPF sensor in your environment. In this method of integration, you can deploy the Cequence eBPF Sensor into your deployment to integrate with your internal apps.
- Gigamon Precryption: If you have Gigamon already in your environment, you can integrate directly, without the need to deploy additional Cequence TLS Sensor. This method of integration allows you to use the Gigamon eBPF support to integrate directly with Cequence UAP.
Version History
Date | Version | Notes |
Oct 22, 2023 | 2 | Updated with additional Application types not supported. |
June 29, 2023 | 1 | Initial version. |