https://bz.apache.org/bugzilla/show_bug.cgi?id=69816
Bug ID: 69816
Summary: add %{SSL_CURVE} or similar log token
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: mod_log_config
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Apache w/mod_ssl support specifying Curves, so for example with new enough
OpenSSL (3.5.x for example) you can enable TLSv1.3 and a pqc curve, while
retaining backwards compatibility, something like:
SSLOpenSSLConfCmd Curves X25519MLKEM768:X25519:prime256v1:secp384r1
That's pretty great.
For tracking client-adoption it would be handy to include the selected curve in
logs, such as via %SSL_CURVE much like %SSL_PROTOCOL %SSL_CIPHER have existed
for ages.
I don't know if the necessary plumbing exists in mod_ssl to enable this yet -
the fact this is done via SSLOpenSSLConfCmd instead of a dedicated SSLCurve
directive or something, makes me think possibly not. So this might need to be a
feature request there first, followed by mod_log_config. But, maybe enough
feedback from openssl is available to pluck that info out after all.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
