View cipher specifications
View cipher specification is used by server
To see which cipher specifications the server uses for secure transactions specify LogLevel info in the configuration file to include informational messages in ErrorLog.
TimeStamp info_message mod_ibm_ssl: Using Version 2/3 Cipher:longname|shortnameThe order that the cipher specifications are displayed in the error log from top to bottom represents the attempted order of the cipher specifications.
View cipher specification negotiated with a specific client for a specific request
To see which cipher specification was negotiated with a specific client for a specific request, change the LogFormat directive to include the cipher specification as part of the information logged for each request. The format string %{HTTPS_CIPHER}e logs the name of the cipher. For example...
TLS_RSA_WITH_AES_256_CBC_SHAChange LogFormat directive for the format used on the CustomLog directive.
LogFormat "%h %l %u %t \"%r\" %>s %b %{HTTPS_CIPHER}e" common
CustomLog logs/access_log commonLook in the access log to find the cipher used. The position of the cipher will depend on where the %{HTTPS_CIPHER}e format string was placed in the LogFormat directive.
Example access_log entries using the example LogFormat directive above:
9.48.108.152 - - [17/Feb/2005:15:37:39 -0500] "GET / HTTP/1.1" 200 1507 SSL_RSA_WITH_RC4_128_SHA
9.48.108.152 - - [17/Feb/2005:15:37:40 -0500] "GET /httpTech.view1.gif HTTP/1.1" 200 1814 SSL_RSA_WITH_RC4_128_SHA
9.48.108.152 - - [17/Feb/2005:15:37:40 -0500] "GET /httpTech.masthead.gif HTTP/1.1" 200 11844 SSL_RSA_WITH_RC4_128_SHA
9.48.108.152 - - [17/Feb/2005:15:37:41 -0500] "GET /httpTech.visit1.gif HTTP/1.1" 200 1457 SSL_RSA_WITH_RC4_128_SHAFor non-secure requests, "-" will be logged for the cipher specification.
You can log other SSL environment variables in the same manner as HTTPS_CIPHER.
Related concepts