Matthias Scheler
2013-Aug-14 06:48 UTC
[Dovecot] Patch to log the cipher suite used for TLS
Hello,
the attached patch for Dovecot 2.2.4 improves the logging to include
information about the cipher suite used for a TLS connection. Here is
an example log line:
Aug 13 21:49:55 colwyn dovecot: imap-login: Login: user=<tron>,
method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2, mpid=10567,
TLS=<TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)>,
session=<ZkEhYtrjSgAgAQiwARQAAQAAAAAAAAAC>
This will e.g. allow you to find out that mobile phones use rather
weak cipher suites (128bit keys, no PFS).
There is also something else I noticed. If I switch "mutt" (which generated
the above log line) from using IMAP on port 143 and "STARTTLS" to use IMAPS
on port 993 I get TLS 1.2:
Aug 14 07:44:59 colwyn dovecot: imap-login: Login: user=<tron>,
method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2, mpid=1156,
TLS=<TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)>,
session=<0js/suLj9gAgAQiwARQAAQAAAAAAAAAC>
Not sure why TLS 1.2 is only used in this case. It might be "mutt"
doing that.
Kind regards
--
Matthias Scheler http://zhadum.org.uk/
-------------- next part --------------
$NetBSD$
Log the cipher used by a TLS connection.
--- src/login-common/client-common.c.orig 2013-06-16 22:04:28.000000000 +0100
+++ src/login-common/client-common.c 2013-08-13 21:23:15.000000000 +0100
@@ -506,7 +506,8 @@
} else {
const char *ssl_state ssl_proxy_is_handshaked(client->ssl_proxy) ?
- "TLS" : "TLS handshaking";
+ t_strdup_printf("TLS=<%s>",
ssl_proxy_get_security_string(client->ssl_proxy)) :
+ "TLS handshaking";
const char *ssl_error ssl_proxy_get_last_error(client->ssl_proxy);
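Review bot: the two branches of the ternary now yield different shapes: when the handshake is done, ssl_state becomes the whole `TLS=<...>` key/value pair (the wrapper is baked in by t_strdup_printf), while the other branch still yields the bare label `TLS handshaking`, so whatever formats the final log line receives a label in one case and label plus value in the other; either keep ssl_state as the bare security string and add the `TLS=<%s>` wrapper where the line is assembled, or wrap both branches the same way. As posted, the continuation line `ssl_proxy_get_security_string(client->ssl_proxy)) :` carries no `+` marker, so the hunk does not match its `-506,7 +506,8` header and will not apply unless that marker was lost in the mail archive. Since the new value comes from t_strdup_printf, which allocates from Dovecot's temporary data stack, it has to be consumed before the enclosing data-stack frame is released; the immediate use in the same block looks fine, but the string is no longer a constant like before. Finally, the `%k` variable in login_log_format_elements already exposes the SSL security string, so the same information could be logged through configuration instead of a hardcoded format change.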
Aleksandar Lazic
2013-Aug-14 09:49 UTC
[Dovecot] Patch to log the cipher suite used for TLS
Dear Matthias,

On 14-08-2013 08:48, Matthias Scheler wrote:
> Hello,
>
> the attached patch for Dovecot 2.2.4 improves the logging to include
> information about the cipher suite used for a TLS connection. Here is
> an example log line:
>
> Aug 13 21:49:55 colwyn dovecot: imap-login: Login: user=<tron>,
> method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2,
> mpid=10567, TLS=<TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)>,
> session=<ZkEhYtrjSgAgAQiwARQAAQAAAAAAAAAC>
[snipp]

Is the %k not the same?

http://wiki2.dovecot.org/Variables

I have the following in my logging.conf

login_log_format_elements = service=%s user=<%u> session=%{session} method=%m rip=%r lip=%l mpid=%e %c %k

cheers
Aleks
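Whether the `TLS=<version with cipher NAME (bits/bits)>` field comes from Matthias's patch or from the `%k` variable Aleks points to, the useful next step is to audit the resulting log for the weak sessions Matthias mentions (old protocol version, 128-bit keys, no PFS). The script below is an added example written for this thread; it is not part of the patch or of Dovecot. The two first log lines are the ones posted above, the remaining sample lines are constructed, and the forward-secrecy check is a simplification that assumes OpenSSL cipher names with an ephemeral-key prefix (`DHE-`, `ECDHE-`, `EDH-`).

```python
"""Flag weak TLS sessions in Dovecot imap-login "Login:" log lines.

Added example for the thread above; not Dovecot code. It assumes the
"TLS=<version with cipher NAME (bits/bits)>" field produced by the patch
(or by the %k login_log_format_elements variable).
"""
import re
from dataclasses import dataclass
from typing import Optional

# Matches e.g. TLS=<TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)>
TLS_FIELD = re.compile(
    r"TLS=<(?P<version>[A-Za-z0-9.]+) with cipher (?P<cipher>[A-Z0-9-]+) "
    r"\((?P<bits>\d+)/(?P<alg_bits>\d+) bits\)>"
)
USER_FIELD = re.compile(r"user=<(?P<user>[^>]*)>")
RIP_FIELD = re.compile(r"rip=(?P<rip>[0-9a-fA-F.:]+)")

# Assumption: OpenSSL cipher names with these prefixes use ephemeral key
# exchange and therefore provide forward secrecy.
PFS_PREFIXES = ("DHE-", "ECDHE-", "EDH-")


@dataclass
class TlsLogin:
    user: str
    rip: str
    version: Optional[str]   # None when the login did not use TLS
    cipher: Optional[str]
    bits: Optional[int]      # key bits actually in use (first number)

    @property
    def has_pfs(self) -> bool:
        return self.cipher is not None and self.cipher.startswith(PFS_PREFIXES)

    def weaknesses(self) -> list:
        """Return human-readable reasons this session is weaker than wanted."""
        reasons = []
        if self.version is None:
            reasons.append("no TLS")
            return reasons
        if self.version in ("SSLv3", "TLSv1", "TLSv1.1"):
            reasons.append(f"old protocol {self.version}")
        if self.bits is not None and self.bits < 256:
            reasons.append(f"{self.bits}-bit key")
        if not self.has_pfs:
            reasons.append("no PFS")
        return reasons


def parse_login(line: str) -> Optional[TlsLogin]:
    """Parse one imap/pop3 'Login:' line; return None for unrelated lines."""
    if "imap-login: Login:" not in line and "pop3-login: Login:" not in line:
        return None
    user = USER_FIELD.search(line)
    rip = RIP_FIELD.search(line)
    tls = TLS_FIELD.search(line)
    return TlsLogin(
        user=user.group("user") if user else "",
        rip=rip.group("rip") if rip else "",
        version=tls.group("version") if tls else None,
        cipher=tls.group("cipher") if tls else None,
        bits=int(tls.group("bits")) if tls else None,
    )


def audit(lines) -> dict:
    """Map the index of each login line to its list of weaknesses ([] = fine)."""
    findings = {}
    for idx, line in enumerate(lines):
        login = parse_login(line)
        if login is not None:
            findings[idx] = login.weaknesses()
    return findings


# First two lines are from the thread; the rest are constructed samples.
SAMPLE_LOG = [
    "Aug 13 21:49:55 colwyn dovecot: imap-login: Login: user=<tron>, "
    "method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2, mpid=10567, "
    "TLS=<TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)>, "
    "session=<ZkEhYtrjSgAgAQiwARQAAQAAAAAAAAAC>",
    "Aug 14 07:44:59 colwyn dovecot: imap-login: Login: user=<tron>, "
    "method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2, mpid=1156, "
    "TLS=<TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)>, "
    "session=<0js/suLj9gAgAQiwARQAAQAAAAAAAAAC>",
    # constructed: phone-style client, RSA key exchange, 128-bit key
    "Aug 14 08:01:02 colwyn dovecot: imap-login: Login: user=<phone>, "
    "method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, mpid=1200, "
    "TLS=<TLSv1 with cipher AES128-SHA (128/128 bits)>, session=<constructed1>",
    # constructed: cleartext login, no TLS field at all
    "Aug 14 08:02:03 colwyn dovecot: imap-login: Login: user=<plain>, "
    "method=PLAIN, rip=192.0.2.11, lip=192.0.2.1, mpid=1201, session=<constructed2>",
    # constructed: unrelated line that must be ignored
    "Aug 14 08:02:04 colwyn dovecot: imap-login: Disconnected (no auth attempts)",
]

if __name__ == "__main__":
    for idx, reasons in audit(SAMPLE_LOG).items():
        print(f"line {idx}: " + (", ".join(reasons) if reasons else "ok"))
```

Run against a real log with `audit(open("/var/log/maillog").read().splitlines())`; the `rip` and `user` fields in each `TlsLogin` let you group findings by client rather than by line.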