How do I monitor SSL Negotiation time?

Full Stack Observability Question Template

We’ve been troubleshooting SSL issues with excessive CPU time for the cipher we’ve been using our application server, and I would like to be able to monitor SSL negotiation time. Is this possible in APM? Where would I find this time accounted for?

Hi, @j.hull: I don’t know of a way to monitor SSL negotiation time in APM, but you can monitor it in Browser or Synthetics. New Relic Browser’s PageView event exposes a connectionSetupDuration attribute; Synthetics’ SyntheticRequest event exposes a durationSSL attribute.

1 Like

Thanks @philweber. That’s helpful to know. We do have Browser enabled, so I will explore that.

On a very related note - can you tell me whether SSL negotiation time is included in the APM duration metric?

What I’m seeing is that offloading our SSL negotiation to a reverse proxy on one of our three nodes significantly improved our throughput numbers for that node, but the duration value stayed the same, and matches the other two nodes. That makes me think the duration is NOT measuring SSL time, but I want some proof :slight_smile:

I don’t THINK SSL negotiation time is included in APM duration. As I understand it, SSL negotiation happens primarily in the browser, before your server-side application code begins to execute. APM only instruments your application code; it has no visibility into the network stack outside your application.