Hello,
On 6/9/2015 5:44 PM, Sylvain Faivre wrote: > Hello, > > We use Haproxy in front of HTTP servers, SSL termination is done on > HAproxy. > > Is there a way to have HAproxy log the SSL or TLS protocol version (TLS > 1.0 / 1.1 / 1.2) or specific cipher that was used for requests ? > Yes, you can use ssl_fc_protocol and ssl_fc_cipher, check the following: http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.4-ssl_fc_protocol http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.4-ssl_fc_cipher Just put them inside %[] in your log-format string. > I know this is negociated between each client and the HAproxy server, > but I would like to know which clients use outdated protocols. > > Thanks. > > Regards, Nenad
