Determining which Ciphers clients are using from RoundCube mail

Question

I have RoundCube installed on RHEL 7 server, and after Qualys vuln check, there are some vulnerabilities with ciphers. After patching, DES & 3DES cannot be used anymore. TLS handshakes cannot be made with devices without AES-128 or newer algorithms (iOS 7+, Android newer than version 3). But, some clients have problems connecting, even though they are on supported systems with AES-128.

I want to see which Ciphers clients are using. I can't find any logs that reveal this information directly. Where else can I look?

score 0 · Answer 1 · answered Aug 28 '17 at 11:34

0

The client sends a list of his supported cipher suites alongside the client_hello message of the TLS handshake. Check the debug logging functionality of your web server, it should be able to store that information.

For the concrete configuration options for nginx, check out this answer.

answered Aug 28 '17 at 11:34

mat

548
6
20

Where is that configured on nginx ? – Aug 28 '17 at 11:36
I updated my answer – mat Aug 28 '17 at 12:38
Also note that wireshark will show the ciphersuites offered by the client, – President James K. Polk Aug 28 '17 at 14:11

Determining which Ciphers clients are using from RoundCube mail

1 Answers1