Viewing cipher specifications
This section describes viewing cipher specifications for secure transactions and for a specific HTTP request.
About this task
Procedure
-
To see which cipher specifications the server uses for secure transactions. Specify
LogLevel info in the configuration file to include informational messages in
the error log using the LogLevel
directive. The error log is specified by the ErrorLog directive in the http configuration file. The
location is set by the ErrorLog directive, which can be configured.
Review the error log for messages in this format: TimeStamp info_message mod_ibm_ssl: Using Version 2/3 Cipher:longname|shortname.The order that the cipher specifications are displayed in the error log from start to finish represents the attempted order of the cipher specifications.
-
To see which cipher specification was negotiated with a specific client for a specific
request. Change the LogFormat directive to include the cipher specification as part of the information logged
for each request. The format string %{HTTPS_CIPHER}e will log the name of the cipher (for
example,
TLS_RSA_WITH_AES_256_CBC_SHA
). Be sure that the LogFormat directive you change is for the format used on the CustomLog directive.Here is an example:LogFormat "%h %l %u %t \"%r\" %>s %b %{HTTPS_CIPHER}e" common CustomLog logs/access_log common
Check the access log to find the cipher used. The position of the cipher will depend on where the %{HTTPS_CIPHER}e format string was placed in the LogFormat directive. Following are some example access_log entries, using the previous example for the LogFormat directive:9.48.108.152 - - [17/Feb/2005:15:37:39 -0500] "GET / HTTP/1.1" 200 1507 SSL_RSA_WITH_RC4_128_SHA 9.48.108.152 - - [17/Feb/2005:15:37:40 -0500] "GET /httpTech.view1.gif HTTP/1.1" 200 1814 SSL_RSA_WITH_RC4_128_SHA 9.48.108.152 - - [17/Feb/2005:15:37:40 -0500] "GET /httpTech.masthead.gif HTTP/1.1" 200 11844 SSL_RSA_WITH_RC4_128_SHA 9.48.108.152 - - [17/Feb/2005:15:37:41 -0500] "GET /httpTech.visit1.gif HTTP/1.1" 200 1457 SSL_RSA_WITH_RC4_128_SHA
9.48.108.152 - - [17/Feb/2005:15:37:39 -0500] "GET / HTTP/1.1" 200 1507 SSL_RSA_WITH_RC4_128_SHA 9.48.108.152 - - [17/Feb/2005:15:37:40 -0500] "GET /httpTech.view1.gif HTTP/1.1" 200 1814 SSL_RSA_WITH_RC4_128_SHA 9.48.108.152 - - [17/Feb/2005:15:37:40 -0500] "GET /httpTech.masthead.gif HTTP/1.1" 200 11844 SSL_RSA_WITH_RC4_128_SHA 9.48.108.152 - - [17/Feb/2005:15:37:41 -0500] "GET /httpTech.visit1.gif HTTP/1.1" 200 1457 SSL_RSA_WITH_RC4_128_SHA
For non-secure requests,
-
will be logged for the cipher specification.You can log other SSL environment variables in the same manner as HTTPS_CIPHER.