log SSL/TLS protocol version

2015-06-09 Thread Sylvain Faivre

Hello,

We use Haproxy in front of HTTP servers, SSL termination is done on HAproxy.

Is there a way to have HAproxy log the SSL or TLS protocol version (TLS 
1.0 / 1.1 / 1.2) or specific cipher that was used for requests ?


I know this is negotiated between each client and the HAproxy server, 
but I would like to know which clients use outdated protocols.


Thanks.




Re: log SSL/TLS protocol version

2015-06-09 Thread Nenad Merdanovic
Hello,


On 6/9/2015 5:44 PM, Sylvain Faivre wrote:
> Hello,
>
> We use Haproxy in front of HTTP servers, SSL termination is done on
> HAproxy.
>
> Is there a way to have HAproxy log the SSL or TLS protocol version (TLS
> 1.0 / 1.1 / 1.2) or specific cipher that was used for requests ?
>

Yes, you can use ssl_fc_protocol and ssl_fc_cipher, check the following:
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.4-ssl_fc_protocol
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.4-ssl_fc_cipher

Just put them inside %[] in your log-format string.

> I know this is negotiated between each client and the HAproxy server,
> but I would like to know which clients use outdated protocols.
>
> Thanks.
>


Regards,
Nenad
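
Added example, not part of either message above: a small Python report that reads HAProxy log lines carrying `%[ssl_fc_protocol]` and `%[ssl_fc_cipher]` and lists the clients that negotiated an outdated protocol. The log-format string shown in the comment, the `OUTDATED` set, the function name and the sample log lines are all assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Assumed log-format on the SSL frontend (an assumption, adapt to your own):
#   log-format "%ci:%cp [%t] %ft %ST %[ssl_fc_protocol] %[ssl_fc_cipher] %{+Q}r"
LINE_RE = re.compile(
    r'(?P<ip>[0-9a-fA-F.:]+):(?P<port>\d+) \[(?P<ts>[^\]]+)\] (?P<fe>\S+) '
    r'(?P<status>\d{3}|-) (?P<proto>\S+) (?P<cipher>\S+) "(?P<req>.*)"$'
)

# Which protocol versions count as outdated is local policy (assumption).
OUTDATED = {"SSLv3", "TLSv1", "TLSv1.1"}

def outdated_clients(lines, outdated=OUTDATED):
    """Return ({ip: {(protocol, cipher): count}}, unparsed_line_count)."""
    hits = defaultdict(lambda: defaultdict(int))
    skipped = 0
    for line in lines:
        # search() rather than match() so a syslog prefix is tolerated
        m = LINE_RE.search(line.rstrip("\n"))
        if m is None:
            skipped += 1  # not a request line in the assumed format
            continue
        if m["proto"] in outdated:
            hits[m["ip"]][(m["proto"], m["cipher"])] += 1
    return {ip: dict(pairs) for ip, pairs in hits.items()}, skipped

# Constructed sample lines (documentation address ranges), not real traffic.
PREFIX = "Jun  9 17:44:0{} lb1 haproxy[1234]: "
SAMPLE = [
    PREFIX.format(1) + '203.0.113.7:51234 [09/Jun/2015:17:44:01.120] https~ 200 '
                       'TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET / HTTP/1.1"',
    PREFIX.format(2) + '198.51.100.23:40112 [09/Jun/2015:17:44:02.004] https~ 200 '
                       'TLSv1 AES128-SHA "GET /login HTTP/1.1"',
    PREFIX.format(3) + '198.51.100.23:40113 [09/Jun/2015:17:44:03.511] https~ 302 '
                       'TLSv1 AES128-SHA "POST /login HTTP/1.1"',
    PREFIX.format(4) + '192.0.2.50:33001 [09/Jun/2015:17:44:04.230] https~ 200 '
                       'SSLv3 RC4-SHA "GET / HTTP/1.0"',
    PREFIX.format(5) + '2001:db8::9:52000 [09/Jun/2015:17:44:05.870] https~ 200 '
                       'TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /api HTTP/1.1"',
    PREFIX.format(6) + 'Proxy https started.',
]

if __name__ == "__main__":
    report, skipped = outdated_clients(SAMPLE)
    for ip, pairs in sorted(report.items()):
        for (proto, cipher), count in sorted(pairs.items()):
            print(f"{ip}\t{proto}\t{cipher}\t{count}")
    print(f"unparsed lines: {skipped}")
```
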