Hello,
On 6/9/2015 5:44 PM, Sylvain Faivre wrote:
Hello,
We use Haproxy in front of HTTP servers, SSL termination is done on
HAproxy.
Is there a way to have HAproxy log the SSL or TLS protocol version (TLS
1.0 / 1.1 / 1.2) or specific cipher that was used for requests ?
Yes, you can use ssl_fc_protocol and ssl_fc_cipher, check the following:
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.4-ssl_fc_protocol
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.4-ssl_fc_cipher
Just put them inside %[] in your log-format string.
I know this is negociated between each client and the HAproxy server,
but I would like to know which clients use outdated protocols.
Thanks.
Regards,
Nenad