Thanks for your suggestion, sorry for the late reply.

I gave it some thought and we decided to simply just shut SSLv3 and RC4 off 
completely right away.
We were going to use the stats to check how much traffic would be lost, but we 
managed to get browser statistics elsewhere, which pointed to less than 1% 
(Windows XP etc).

So basically there's no reason to run those any longer.

Cheers.


-----Original Message-----
From: Chad Lavoie [mailto:clav...@haproxy.com] 
Sent: Tuesday, March 8, 2016 9:45 PM
To: haproxy@formilux.org
Cc: Jeff Palmer <j...@palmerit.net>; Stefan Johansson 
<stefan.johans...@adtoma.com>
Subject: Re: SSL Cipher stats

Greetings,

On 03/08/2016 11:20 AM, Jeff Palmer wrote:
> I too would be interested in this.
>
> extra points if the info could be gathered for individual backends or 
> frontends.
I didn't explicitly mention it, but my example config tracks by frontend id in 
the stick table (id was 7 in my example).  If in "tcp-request content track-sc0 
fe_id() table sslv3-count if { ssl_fc }" fe_id is changed with be_id then it 
will track based on the backend instead.

To translate the IDs to names, looking at the iid field of "show stat" 
(to the socket as the show table is done to get the stats) will identify the 
one in question.

Also, I neglected to mention if you have nbproc >1 it won't add up the values, 
so if it's important to have all of the requests processed, adding them up via a 
shell script should be able to do that.

- Chad
>
>
>
> On Tue, Mar 8, 2016 at 11:18 AM, Stefan Johansson 
> <stefan.johans...@adtoma.com> wrote:
>> Hi,
>>
>>
>>
>> is it possible somehow to extract statistics on cipher used (total 
>> SSLv3, total RC4 etc.) without necessarily turning on connection 
>> logging and extract the data from there?
>>
>>
>>
>> Thank you.
>>
>>
>>
>> Regards,
>>
>> Stefan
>
>
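
The per-process summing and ID-to-name lookup described in Chad's reply, as an added example that is not part of the original thread. It assumes the output of "show table sslv3-count" from each process and of "show stat" has been saved to files, and that the table stores conn_cnt; the sample data is constructed and the "show stat" columns are shortened.

```shell
#!/bin/sh
# Added example. Sums one stick-table counter per key over several
# processes and labels each key with the proxy name from "show stat".
# Usage: sum_counter COUNTER STATFILE TABLEFILE...
#   COUNTER   stored data type to add up (conn_cnt is an assumption)
#   STATFILE  saved "show stat" CSV
#   TABLEFILE saved "show table" output, one file per process
sum_counter() {
    counter=$1; stat=$2; shift 2
    awk -v counter="$counter" '
        # First file: "show stat" CSV. Find pxname and iid by header name.
        FNR == NR {
            n = split($0, f, ",")
            if (FNR == 1) {
                sub(/^# /, "", f[1])
                for (i = 1; i <= n; i++) col[f[i]] = i
            } else if (n > 1) name[f[col["iid"]]] = f[col["pxname"]]
            next
        }
        # Other files: entries like "0x...: key=7 use=0 exp=0 conn_cnt=12"
        /^0x/ {
            key = ""; val = 0
            for (i = 2; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "key") key = kv[2]
                else if (kv[1] == counter) val = kv[2]
            }
            if (key != "") total[key] += val
        }
        END {
            for (k in total)
                printf "%s %s %d\n", k, ((k in name) ? name[k] : "unknown"), total[k]
        }
    ' "$stat" "$@" | sort -n
}

# Constructed sample: two processes, frontend ids 7 and 9.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# pxname,svname,scur,pid,iid,sid,' \
        'fe_www,FRONTEND,3,1,7,0,' 'fe_api,FRONTEND,1,1,9,0,' > "$d/stat"
    printf '%s\n' '# table: sslv3-count, type: integer, size:10, used:2' \
        '0x1a2b3c: key=7 use=0 exp=0 conn_cnt=12' \
        '0x1a2b90: key=9 use=0 exp=0 conn_cnt=3' > "$d/proc1"
    printf '%s\n' '# table: sslv3-count, type: integer, size:10, used:1' \
        '0x2c4d10: key=7 use=0 exp=0 conn_cnt=30' > "$d/proc2"
    sum_counter conn_cnt "$d/stat" "$d/proc1" "$d/proc2"
    rm -rf "$d"
}
demo
```

Each output line is the tracked id, the proxy name resolved through iid, and the total across all table files.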
