Re: log SSL/TLS protocol version

2015-06-09 Thread Nenad Merdanovic
Hello,


On 6/9/2015 5:44 PM, Sylvain Faivre wrote:
> Hello,
> 
> We use HAProxy in front of HTTP servers; SSL termination is done on
> HAProxy.
> 
> Is there a way to have HAProxy log the SSL or TLS protocol version (TLS
> 1.0 / 1.1 / 1.2) or specific cipher that was used for requests?
> 

Yes, you can use ssl_fc_protocol and ssl_fc_cipher, check the following:
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.4-ssl_fc_protocol
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.4-ssl_fc_cipher

Just put them inside %[] in your log-format string.

> I know this is negotiated between each client and the HAProxy server,
> but I would like to know which clients use outdated protocols.
> 
> Thanks.
> 
>

Regards,
Nenad
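
Added example, not part of the original thread: once `ssl_fc_protocol` and `ssl_fc_cipher` are in the log line, the clients still negotiating old protocol versions can be pulled out of the log. The log-format shown in the comment, the set of versions treated as outdated, and the sample log lines are all assumptions constructed for this illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed frontend log-format (HAProxy 1.5 syntax, spaces escaped), chosen
# for this illustration and not taken from the thread:
#   log-format %ci:%cp\ [%t]\ %ft\ %ST\ %[ssl_fc_protocol]\ %[ssl_fc_cipher]\ %{+Q}r
LINE_RE = re.compile(
    r'(?P<ip>[0-9a-fA-F.:]+):(?P<port>\d+) \[(?P<ts>[^\]]+)\] (?P<fe>\S+) '
    r'(?P<status>-1|\d{3}) (?P<proto>\S+) (?P<cipher>\S+) "'
)

# Assumption: which protocol strings count as outdated is a local policy choice.
OUTDATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample lines (documentation address ranges), syslog prefix included.
SAMPLE = [
    'Jun  9 17:50:01 lb1 haproxy[1234]: 203.0.113.7:51234 [09/Jun/2015:17:50:01.123] https~ 200 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET / HTTP/1.1"',
    'Jun  9 17:50:02 lb1 haproxy[1234]: 198.51.100.20:40111 [09/Jun/2015:17:50:02.456] https~ 200 TLSv1 AES128-SHA "GET /login HTTP/1.1"',
    'Jun  9 17:50:03 lb1 haproxy[1234]: 198.51.100.20:40112 [09/Jun/2015:17:50:03.001] https~ 304 TLSv1 AES128-SHA "GET /app.css HTTP/1.1"',
    'Jun  9 17:50:04 lb1 haproxy[1234]: 2001:db8::5:55000 [09/Jun/2015:17:50:04.300] https~ 200 SSLv3 DES-CBC3-SHA "GET / HTTP/1.0"',
    'Jun  9 17:50:05 lb1 haproxy[1234]: 192.0.2.9:33000 [09/Jun/2015:17:50:05.900] http 301 - - "GET / HTTP/1.1"',
    'Jun  9 17:50:06 lb1 haproxy[1234]: Proxy https started.',
]

def outdated_clients(lines, outdated=OUTDATED):
    """Return (requests per protocol, {client_ip: {(protocol, cipher): count}})."""
    per_proto = Counter()
    flagged = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.search(line)
        # Skip lines that are not request logs, and cleartext connections,
        # where the SSL sample fetches are empty and logged as "-".
        if not m or m["proto"] == "-":
            continue
        per_proto[m["proto"]] += 1
        if m["proto"] in outdated:
            flagged[m["ip"]][(m["proto"], m["cipher"])] += 1
    return dict(per_proto), {ip: dict(c) for ip, c in flagged.items()}

if __name__ == "__main__":
    totals, clients = outdated_clients(SAMPLE)
    print("requests per protocol:", totals)
    for ip, combos in sorted(clients.items()):
        for (proto, cipher), n in combos.items():
            print(f"{ip}\t{proto}\t{cipher}\t{n}")
```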



log SSL/TLS protocol version

2015-06-09 Thread Sylvain Faivre

Hello,

We use HAProxy in front of HTTP servers; SSL termination is done on HAProxy.

Is there a way to have HAProxy log the SSL or TLS protocol version (TLS
1.0 / 1.1 / 1.2) or specific cipher that was used for requests?


I know this is negotiated between each client and the HAProxy server,
but I would like to know which clients use outdated protocols.


Thanks.