How can I log the negotiated SSL Cipher in Windows 2008 R2

ssl iis-7 logging windows-server-2008-r2

I have a web server running IIS 7.0, on Windows Server 2008 R2. The web application is written in C# .Net 4.0. The web application receives web requests, and sometimes makes outbound https requests to other services.

I want to log the SSL cipher negotiated for each web request received by my web server. I also want to log the SSL cipher negotiated for each web request initiated by my web server.

This question looks similar to mine, but doesn't have a good answer.

SSL negotiation logging in IIS

I've found these references here: http://msdn.microsoft.com/en-gb/library/windows/desktop/bb648705(v=vs.85).aspx

Am I warm? Is this the right approach?


Solution 1:

Schannel event logging should get you some log information. This will log to the Event Log, however, so you'll need to find some manual way to correlate it with your IIS logs.

An Schannel event 36880 will be generated upon each successful negotiation. Correlating them to IIS logs is going to be a bit of a pain, to be sure, but I think this is just about the only feasible way to do it (given that Schannel doesn't really pass this information back down to IIS).

You'll get a process ID and thread ID, so you may be able to log the APP_POOL_ID server variable to get a PID to use in correlation.

Related

Unattended installation of Windows Server 2012 on KVM
Internet access from private VPC subnet?
Generate new self-signed CA for Windows 2012 CA
Windows 7: Deploying Printer Settings without a Print Server
Tcpdump maximum split file size
Modifying kernel cmdline in Ubuntu
ping and traceroute does not work when UFW deny outgoing by default
Hyper-V offline migration between AMD and Intel Processors
How to make connections answer from the same gateway they entered in RouterOS?
How does LSI MegaRAID actually lay out RAID10 sets?
Proxy dropping custom headers with https
The requested operation requires elevation