Logging TLS mode and cipher information
With the advent of HTTP/2 and ever-changing cryptography best practices, small compatibility issues can arise that are very difficult to resolve. Browsers also constantly change what they accept. To know exactly which ciphers have been used with which protocol, we can add this information to our log files.
How to do it...
Here's our SSL-enhanced log format:
log_format ssl_logs '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent"'
                    '[$ssl_protocol|$ssl_cipher]';
This is based on the common format and we've added $ssl_protocol and $ssl_cipher to the end. Here's what we now have in our logs:
106.70.67.24 - - [07/Aug/2016:22:39:20 +1000] "GET / HTTP/2.0" 304 118 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2490.71 Safari/537.36"[TLSv1.2...
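Once the protocol and cipher are in the log, they can be tallied to see what clients actually negotiate. The following is an added example, not code from the original text: a Python parser for the ssl_logs format above that counts protocol/cipher pairs and lists requests made over a protocol outside an allowed set. The sample lines and the allowed set are assumptions made for the example.

```python
import re
from collections import Counter

# Regex for the ssl_logs format above. The [protocol|cipher] block follows the
# quoted user agent with no space, exactly as the log_format strings concatenate.
LINE_RE = re.compile(
    r'^(?P<addr>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
    r'\[(?P<protocol>[^|\]]*)\|(?P<cipher>[^\]]*)\]$'
)

# Assumption for this example: only these protocol versions are acceptable.
ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [07/Aug/2016:22:39:20 +1000] "GET / HTTP/2.0" 200 118 "-" "Mozilla/5.0"[TLSv1.2|ECDHE-RSA-AES128-GCM-SHA256]
198.51.100.7 - - [07/Aug/2016:22:40:01 +1000] "GET /a HTTP/1.1" 200 512 "-" "OldClient/1.0"[TLSv1|AES128-SHA]
203.0.113.5 - - [07/Aug/2016:22:41:13 +1000] "GET / HTTP/1.1" 301 178 "-" "curl/7.50.0"[-|-]
192.0.2.10 - - [07/Aug/2016:22:42:30 +1000] "GET /b HTTP/2.0" 200 90 "-" "Mozilla/5.0"[TLSv1.2|ECDHE-RSA-AES128-GCM-SHA256]
this is not an access log line
"""

def parse_line(line):
    """Return the named fields of one ssl_logs line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines):
    """Count (protocol, cipher) pairs and list requests outside ALLOWED_PROTOCOLS."""
    pairs, flagged, plain, unparsed = Counter(), [], 0, 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1          # truncated or foreign-format line
        elif rec["protocol"] in ("", "-"):
            plain += 1             # nginx logs "-" when the request did not use TLS
        else:
            pairs[(rec["protocol"], rec["cipher"])] += 1
            if rec["protocol"] not in ALLOWED_PROTOCOLS:
                flagged.append((rec["addr"], rec["protocol"], rec["cipher"], rec["agent"]))
    return pairs, flagged, plain, unparsed

if __name__ == "__main__":
    pairs, flagged, plain, unparsed = summarize(SAMPLE_LOG.splitlines())
    for (proto, cipher), n in pairs.most_common():
        print(f"{n:5d}  {proto}  {cipher}")
    print("legacy:", flagged, "plain HTTP:", plain, "unparsed:", unparsed)
```

Reviewing the flagged user agents before removing a protocol from ssl_protocols shows which clients would be cut off by the change.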