Audit journal

The protocol and cipher suite for a System SSL/TLS connection are captured when secure socket connections are audited.

Secure socket connection auditing is enabled when *NETSECURE is set for the QAUDLVL/QAUDLVL2 system value. Each successful connection generates an SK (Sockets Connections) journal entry with an entry type of S (Successful secure connection). The journal entry contains the protocol information in the "Secure version" field and the cipher suite in the "Secure properties" field.

In the following example SK journal entry type S, the "Secure version" field indicates TLSv1.2 was negotiated along with cipher suite TLS_RSA_WITH_AES_128_CBC_SHA256 shown in the "Secure properties" field. The signature algorithm used was ECDSA_SHA512, which is also in the "Secure properties" field.

             Entry specific data                                                
 Column      *...+....1....+....2....+....3....+....4....+....5                 
 00901      '                                                  '                
 00951      '          TLSV1.2   TLS_RSA_WITH_AES_128_CBC_SHA25'                
 01001      '6 ECDSA_SHA512                                    '                
                                                                        More...

In the following example SK journal entry type S, the "Secure version" and the "Secure properties" fields indicate TLSv1.2 was negotiated along with cipher suite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384. The signature algorithm was ECDSA_SHA512 and the named elliptic curve, which determines key size, was Secp521r1.

             Entry specific data                                               
 Column      *...+....1....+....2....+....3....+....4....+....5                
 00901      '                                                  '               
 00951      '          TLSV1.2   TLS_ECDHE_ECDSA_WITH_AES_256_G'               
 01001      'CM_SHA384 ECDSA_SHA512 SECP521R1                  '               
                                                                        More...
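
The cipher suite in both displays wraps across two 50-character rows, so the rows must be rejoined before the value can be compared against a policy. The following Python sketch is an added example, not IBM-supplied code: it rejoins the rows and checks the negotiated values against an allow-list. The column positions 961 and 971 are assumptions read off the sample displays above, and the function names and allow-lists are hypothetical.

```python
import re

# Constructed input: the two example displays from this page, 50 characters per row.
SAMPLE_CBC = """\
 00901      '                                                  '
 00951      '          TLSV1.2   TLS_RSA_WITH_AES_128_CBC_SHA25'
 01001      '6 ECDSA_SHA512                                    '
"""
SAMPLE_GCM = """\
 00901      '                                                  '
 00951      '          TLSV1.2   TLS_ECDHE_ECDSA_WITH_AES_256_G'
 01001      'CM_SHA384 ECDSA_SHA512 SECP521R1                  '
"""

ROW = re.compile(r"^\s*(\d{5})\s+'(.*)'\s*$")
# Assumption: columns read off the sample displays, not taken from the SK layout.
VERSION_COL, PROPS_COL = 961, 971

def join_rows(display):
    """Rebuild contiguous entry-specific data from the wrapped display rows."""
    rows = {int(m.group(1)): m.group(2)
            for m in map(ROW.match, display.splitlines()) if m}
    if not rows:
        raise ValueError("no entry-specific data rows found")
    base, data = min(rows), ""
    for col in sorted(rows):
        data = data.ljust(col - base) + rows[col]  # pad any skipped columns
    return base, data

def parse_secure_fields(display):
    """Extract "Secure version" and the tokens of "Secure properties"."""
    base, data = join_rows(display)
    if base > VERSION_COL:
        raise ValueError("display does not include column 961")
    entry = {"secure_version": data[VERSION_COL - base:PROPS_COL - base].strip()}
    names = ("cipher_suite", "signature_algorithm", "named_curve")
    entry.update(zip(names, data[PROPS_COL - base:].split()))
    return entry

def outside_policy(entry, versions, suites):
    """List why a connection falls outside the caller's allow-lists."""
    reasons = []
    if entry["secure_version"] not in versions:
        reasons.append("protocol " + entry["secure_version"])
    if entry.get("cipher_suite") not in suites:
        reasons.append("cipher suite " + str(entry.get("cipher_suite")))
    return reasons
```

For production use, take the field offsets and lengths from the SK (Sockets Connections) journal entry layout rather than from a display dump.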

For more information about interpreting all the SK entry fields, see SK (Sockets Connections) journal entries. For more information about analyzing the logged events, see Analyzing audit journal entries in the Security reference topic.
