Monitor SSL Cipher Usage

Asked Jan 20 '21 at 07:48

Active Jan 20 '21 at 13:13

Viewed 38 times

We are looking for restrict the allowed cipher suite we offer to client on our Apache servers hosted on our Linux servers.

But first, we would like to know which old ciphers are still used by our clients.

Is there a way to monitor SSL handshake, ciphers used, sessions aborted, etc ... by tuning apache or listen network with tcpdump?

EDIT: for logging used cipher, %{SSL_PROTOCOL} and %{SSL_CIPHER} can be added to CustomLog,

Exemple: CustomLog "logs/ssl_request_log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b"

But I still lack handshake failures

edited Jan 20 '21 at 13:13

asked Jan 20 '21 at 07:48

Jean Poulard

Wow, great question... I never thought of that. ssllabs.com could help a little bit here, about knowing which devices support which ciphers.. – Example person Jan 20 '21 at 09:51
See also https://www.netmeister.org/blog/tcpdump-ssl-and-tls.html – Peter Jan 20 '21 at 15:01

0 Answers0