Logging which SSL cipher a client is using

Does anyone know of a way to log which SSL cipher a remote client
connects with?

For example, if a Firefox v3.6.x client connects and uses AES256 with
Diffie-Hellman then I could log the cipher string
“DHE-RSA-AES256-SHA”.

The Googlebot does not use AES or DH so they would connect using 3TDES
and log the cipher as DES-CBC3-SHA.

It would be good to know which ciphers clients use and which they do
not. Then a web server admin would be able to get rid of unused and
possibly weak cipher suites.

Any ideas are welcome.


Calomel @ https://calomel.org
Open Source Research and Reference

On Fri, Jul 02, 2010 at 01:21:42PM -0400, Calomel Org wrote:

> It would be good to know which ciphers clients use and which they do
> not. Then a web server admin would be able to get rid of unused and
> possibly weak cipher suites.
>
> Any ideas are welcome.

$ssl_cipher


Igor S.
http://sysoev.ru/en/

Igor,

Thanks again. I see now that the variables in the ngx_http_ssl_module
can be used in logging. Works perfectly.

http://wiki.nginx.org/NginxHttpSslModule#Built-in_variables


Calomel @ https://calomel.org
Open Source Research and Reference
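
The audit the thread is after, logging `$ssl_cipher` and then seeing which enabled suites clients never negotiate, as an added example that is not part of the original messages. The log format name `tls`, the log path, the `cipher=` field label, the sample lines and the configured suite list are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed nginx configuration (hypothetical format name "tls"), with
# $ssl_cipher as the last field of each access-log line:
#   log_format tls '$remote_addr [$time_local] "$request" $status cipher=$ssl_cipher';
#   access_log /var/log/nginx/access.log tls;

# Anchored to end of line so "cipher=" inside a request URI is not matched.
CIPHER_FIELD = re.compile(r'\scipher=(\S+)\s*$')

def tally_ciphers(lines):
    """Count negotiated cipher suites; returns (Counter, skipped_line_count)."""
    counts, skipped = Counter(), 0
    for line in lines:
        m = CIPHER_FIELD.search(line)
        # nginx logs "-" for an empty variable, e.g. a plain-HTTP request.
        if not m or m.group(1) == "-":
            skipped += 1
            continue
        counts[m.group(1)] += 1
    return counts, skipped

def unused_suites(configured, counts):
    """Configured suites that never appeared in the log, in configured order."""
    return [s for s in configured if s not in counts]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 [02/Jul/2010:13:30:01 -0400] "GET / HTTP/1.1" 200 cipher=DHE-RSA-AES256-SHA
192.0.2.11 [02/Jul/2010:13:30:05 -0400] "GET /robots.txt HTTP/1.1" 200 cipher=DES-CBC3-SHA
192.0.2.10 [02/Jul/2010:13:30:09 -0400] "GET /?cipher=RC4-MD5 HTTP/1.1" 200 cipher=DHE-RSA-AES256-SHA
192.0.2.12 [02/Jul/2010:13:30:12 -0400] "GET / HTTP/1.1" 301 cipher=-
""".splitlines()

# Constructed stand-in for the suites enabled by the server's ssl_ciphers list.
CONFIGURED = ["DHE-RSA-AES256-SHA", "AES256-SHA", "DES-CBC3-SHA", "RC4-MD5"]

if __name__ == "__main__":
    counts, skipped = tally_ciphers(SAMPLE_LOG)
    for suite, n in counts.most_common():
        print(f"{n:6d}  {suite}")
    print("skipped lines:", skipped)
    print("configured but never negotiated:", unused_suites(CONFIGURED, counts))
```

A suite that is absent from a short log window may still be needed by infrequent clients, so the tally should cover a representative period before anything is removed from the cipher list.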