On 4/29/2021 9:06 AM, Rob Emery wrote:
> Hiya Jim
>
> Thanks for the reply.
>
>> If not already included, you could include %{SSL_PROTOCOL}x
>> %{SSL_CIPHER}x in your request log and see if there is any commonality
>> in requests assuming the communication is open long enough for the
>> logging to occur or if the client's desired protocol and cipher might
>> get listed.
>
> Yeah we actually already have that enabled in our access logs and we
> can see that the clients in question are using TLS1.2 when successful
> (i.e. on the next connection). However these connections that result
> in the plaintext response actually aren't logged in either the access
> or error log at all.
>
> However we can see from the packet captures that they are a TLS 1.2
> handshake and everything "looks fine" there when compared to a
> successful handshake.

Assuming your site is public facing, give this evaluation a try and see
if anything interesting is mentioned.
https://www.ssllabs.com/ssltest/
Jim