|
Mantis - Resin
|
|||||
| Viewing Issue Advanced Details | |||||
|
|
|||||
| ID: | Category: | Severity: | Reproducibility: | Date Submitted: | Last Update: |
| 6113 | feature | always | 11-22-17 12:15 | 02-07-18 15:23 | |
|
|
|||||
| Reporter: | stbu | Platform: | |||
| Assigned To: | ferg | OS: | |||
| Priority: | normal | OS Version: | |||
| Status: | closed | Product Version: | 4.0.54 | ||
| Product Build: | Resolution: | fixed | |||
| Projection: | none | ||||
| ETA: | none | Fixed in Version: | 4.0.56 | ||
|
|
|||||
| Summary: | 0006113: Access-logging of TLS protocol version and used Cipher-Suite | ||||
| Description: |
Dear Caucho Team, given that Support for TLS 1.0 should be removed latest by End of June 2018 [1] (also from Webservers) I would really like to be able to track usage and progress on this based on HTTP connections made to our Resin Server. This would allow to decide whether or not it's safe to disable that outdated protocol. Would it be possible to add the following TLS Session Information as variables to the Resin access-logging variables [2]? - TLS protocol version (e.g. TLSv1.0, TLSv1.1, TLSv1.2) - Used Cipher-Suite (such as TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) based on a SSLSession from both possible SSL configuration options (<jsse-ssl> and <openssl>)? Other webservers such as NGINX offer these (and more) variables for logging: See also: https://serverfault.com/questions/620123/how-can-i-let-nginx-log-the-used-ssl-tls-protocol-and-ciphersuite [^] http://nginx.org/en/docs/http/ngx_http_ssl_module.html#variables [^] References: [1] See also: https://www.pcicomplianceguide.org/ssl-and-early-tls-new-migration-dates-announced/ [^] [2] http://www.caucho.com/resin-4.0/admin/logging.xtp#access-log [^] -- Steffen |
||||
| Steps To Reproduce: | |||||
| Additional Information: | |||||
| Relationships | |||||
| Attached Files: | |||||
| Notes | |||||
|
|
|||||
|
|
||||