Mantis Bugtracker
  

Viewing Issue Simple Details Jump to Notes ] View Advanced ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0006113 [Resin] feature always 11-22-17 12:15 02-07-18 15:23
Reporter stbu View Status public  
Assigned To ferg
Priority normal Resolution fixed  
Status closed   Product Version 4.0.54
Summary 0006113: Access-logging of TLS protocol version and used Cipher-Suite
Description Dear Caucho Team,

given that Support for TLS 1.0 should be removed latest by End of June 2018 [1] (also from Webservers) I would really like to be able to track usage and progress on this based on HTTP connections made to our Resin Server. This would allow to decide whether or not it's safe to disable that outdated protocol.

Would it be possible to add the following TLS Session Information as variables to the Resin access-logging variables [2]?
 - TLS protocol version (e.g. TLSv1.0, TLSv1.1, TLSv1.2)
 - Used Cipher-Suite (such as TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
based on a SSLSession from both possible SSL configuration options (<jsse-ssl> and <openssl>)?


Other webservers such as NGINX offer these (and more) variables for logging:
See also:
 https://serverfault.com/questions/620123/how-can-i-let-nginx-log-the-used-ssl-tls-protocol-and-ciphersuite [^]
 http://nginx.org/en/docs/http/ngx_http_ssl_module.html#variables [^]


References:
[1] See also: https://www.pcicomplianceguide.org/ssl-and-early-tls-new-migration-dates-announced/ [^]
[2] http://www.caucho.com/resin-4.0/admin/logging.xtp#access-log [^]


-- Steffen
Additional Information
Attached Files

- Relationships

- Notes
(0006820)
ferg
02-07-18 15:23

network/0533

Added %{ssl_protocol}V and %{ssl_cipher_suite}V

 

- Issue History
Date Modified Username Field Change
11-22-17 12:15 stbu New Issue
11-24-17 16:21 stbu Issue Monitored: stbu
02-07-18 15:23 ferg Note Added: 0006820
02-07-18 15:23 ferg Assigned To  => ferg
02-07-18 15:23 ferg Status new => closed
02-07-18 15:23 ferg Resolution open => fixed
02-07-18 15:23 ferg Fixed in Version  => 4.0.56


Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
30 total queries executed.
26 unique queries executed.
Powered by Mantis Bugtracker