System Requirements

Note

Nubeva SKI Sensors are supported on Linux - kernel 4.4 or above, Windows Server 2012, Server 2012 R2, Server 2016, Server 2019 and Windows 10, Kubernetes 1.13 and above and OpenShift 4.x.

Linux Systems

SKI Sensors extract key from any Linux version running a Linux Kernel version 4.4 or higher.

Supported Linux Kernel Versions

Kernel Version Release Date
4.4 10 January 2016
4.5 13 March 2016
4.6 15 May 2016
4.7 24 July 2016
4.8 25 September 2016
4.9 11 December 2016
4.10 19 February 2017
4.11 30 April 2017
4.12 2 July 2017
4.13 3 September 2017
4.14 12 November 2017
4.15 28 January 2018
4.16 1 April 2018
4.17 3 June 2018
4.18 12 August 2018
4.19 22 October 2018
4.20 23 December 2018
5.1 5 May 2019
5.2 7 July 2019
5.3 15 September 2019
5.4 24 November 2019
5.5 26 January 2020
5.6 29 March 2020
5.7 31 May 2020
5.8 2 August 2020
5.9 11 October 2020
5.10 13 December 2020
5.11 14 February 2021

Supported Linux Operating Systems

The table lists commonly used Linux operating systems that use supported kernel versions.

Note

The table is not exhaustive. Key extraction is also supported on other Linux operating system that use one of the supported Linux kernel versions listed in the previous section.

OS Version Kernel
Ubuntu 16.04 LTS 4.4
  16.1 4.8
  17.04 4.1
  17.1 4.13
  18.04 LTS 4.15
  18.1 4.18
  19.04 5
  19.1 5.3
  20.04 LTS 5.4
RHEL 8 4.18.0-80
  8.1 4.18.0-147
  8.2 4.18.0-193
  8.3 4.18.0-240
CentOS 8.0-1905 4.18.0-80
  8.1-1911 4.18.0-147
  8.2-2004 4-18-0-193
  8.3-2011 4.18-0-240
Debian 9 4.9
  9.1 4.9
  9.2 4.9
  9.3 4.9
  9.4 4.9
  9.5 4.9
  9.6 4.9
  9.7 4.9
  9.8 4.9
  9.9 4.9
  9.10 4.9
  9.11 4.9
  9.12 4.9
  9.13 4.9
  10 4.19
  10.1 4.19
  10.2 4.19
  10.3 4.19
  10.4 4.19
  10.5 4.19
  10.6 4.19
  10.7 4.19
  10.8 4.19
  10.9 4.19
Fedora 24 4.5
  25 4.8
  26 4.11
  27 4.13
  28 4.16
  29 4.18
  30 5
  31 5.3
  32 5.6
  33 5.8
AWS AMI 2016.03.1 4.4
  2016.03.2 4.4
  2016.03.3 4.4
  2016.09.1 4.4
  2017.03.1 4.9
  2017.09.1 4.9
  2018.03 4.14

MS Windows Systems

Supported MS Windows versions

Windows Server 2012 September 2012, Foundation, Essentials, Standard, Datacenter
Windows Server 2012 R2 April 2014
Windows Server 2016 public release September 26 2016
Windows Server 2016 version 1709 October 17 2017
Windows Server 2016 version 1803 April 10 2018
Windows server 2019 version 1809 October 2 2018
Windows 10 version 1507 July 2015
Windows 10 version 1511 November 2015
Windows 10 version 1607 July 2016
Windows 10 version 1703 April 2017
Windows 10 version 1709 October 2017
Windows 10 version 1803 April 2018
Windows 10 version 1809 October 2018
Windows 10 version 1903 May 2019
Windows 10 version 1909 November 2019
Windows 10 version 2004 May 2020
Windows 10 version 20H2 October 2020

Container Orchestration Platforms

A container is a normal operating system process except that is isolated and has its own file system, networking, and process tree. SKI Sensors extract session keys from containers regardless of how these containers are run, whether using Docker on Linux, a container orchestration system like Kubernetes or OpenShift, or Docker Desktop.

Kubernetes

SKI Sensors can be deployed on all Kubernetes versions 1.13 or higher.

Version 1.13
Version 1.14
Version 1.15
Version 1.16
Version 1.17
Version 1.18
Version 1.19
Version 1.20

SKI Sensor containers may be run by Docker or CRI-O.

OpenShift

SKI Sensors can be deployed on OpenShift 4.x.

Openshift 4.0
Openshift 4.1
Openshift 4.2
Openshift 4.3
Openshift 4.4
Openshift 4.5
Openshift 4.6
Openshift 4.7

Docker Desktop

You can run SKI Sensors in Linux containers on Windows and MACOS if you have Docker Desktop installed. Docker Desktop is supported on MACOS version 10.10.13 (Yosemite) or higher (Catalina, Big Sur). Docker Desktop for Windows requires WSL (Windows Subsystem for Linux) which is a Linux compatibility layer for running Linux binary executables natively on Windows 10 and Windows Server 2019. WSL 2 was released in May 2019 and introduced a real Linux kernel. As such, Docker Desktop appears as a Linux system to SKI Sensors. A single sensor deployed on Docker Desktop on a MAC or Windows node will extract TLS session keys from all the containers running in Docker Desktop.

Since SKI sensors do not require CAs or certificates, running SKI sensors containers in docker desktop environments, enables MITM configurations to inspect TLS traffic. Such TLS inspection would very difficult to configure using MITM, because it would not be practical install and maintain CAs in each container.