logging which SSL cipher a client is using

Igor Sysoev igor at sysoev.ru
Fri Jul 2 22:06:45 MSD 2010


On Fri, Jul 02, 2010 at 01:21:42PM -0400, Calomel Org wrote:

> Does anyone know of a way to log which SSL cipher a remote client
> connects with?
> 
> For example, if a Firefox v3.6.x client connects and uses AES256 with
> Diffie-Hellman then I could log the cipher string
> "DHE-RSA-AES256-SHA".
> 
> The Googlebot does not use AES or DH so they would connect using 3TDES
> and log the cipher as DES-CBC3-SHA.
> 
> 
> It would be good to know which ciphers client use and which they do
> not. Then a web server admin would be able to get rid of unused and
> possibly weak cipher suites.
> 
> Any ideas are welcome.

$ssl_cipher


-- 
Igor Sysoev
http://sysoev.ru/en/



More information about the nginx mailing list