0

We know of log configurations that can log negotiated cipher-suite info in successful connections.

But what we need to do is to log the client cipher-suite info that HAProxy gets hold of during TLS Handshake, whether or not the connection negotiation is eventually successful.

Is there a way to achieve this?

Ace
  • 125
  • 5
  • 2
    Try to add %sslc variable to log format. http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#8.2.4 – Vadim Oct 02 '18 at 16:46
  • @Vadim Thanks for the response. We have done that, however it logs cipher suite only if connections are successful. If negotiations fail leading to unsuccessful TLS, it does not log. – Ace Oct 02 '18 at 17:24
  • If there will be no way with logs then use tcpdump ) – Vadim Oct 02 '18 at 18:42

0 Answers0