Enabling SSL Tracing in Java Applications
Last updated
Last updated
groundcover offers eBPF-based tracing for all frameworks and protocols, including encrypted traffic. This is done by attaching probes to key points in popular encryption libraries, such as LibSSL.
There is one exception to the out-of-the-box coverage with eBPF - Java. The Java runtime uses encryption libraries which are written in pure Java, providing a challenge to trace with the machine-level primitives that eBPF offers.
groundcover's approach to bridge this gap is by using a more traditional approach to Java observability - using a This agent runs alongside your applications, tracing key functions in the Java encryption libraries to provide visibility into the APIs being handled.
Non-SSL traffic in Java works out of the box similar to out frameworks
groundcover's sensor comes pre-packed with the Java agent binaries. When detecting Java processes running alongside it, the sensor will use an injection method to dynamically execute the groundcover Java agent in the detected process.
No configuration changes are needed, and new processes will be monitored automatically.
groundcover's core approach to tracing relies on eBPF, which has built-in safety guarantees that make sure our tracing can not affect the services being monitored in any significant way.
Java agents are somewhat different in that regard - they run alongside your code, and have more potential to interfere with the standard operation of the process. For this reason, our development cycle for the Java agent is extremely strict, and includes testing with many common Java use cases. The agent has and continues to run safely in a large number of customer environments, providing the high standard of frictionless coverage groundcover provides.
We recommend testing the deployment on lower environments (e.g dev, staging) before moving on to production environments.
Use the following configuration values to turn on the Java agent deployment: