How can I log the negotiated SSL Cipher in Windows 2008 R2
I have a web server running IIS 7.0, on Windows Server 2008 R2. The web application is written in C# .Net 4.0. The web application receives web requests, and sometimes makes outbound https requests to other services.
I want to log the SSL cipher negotiated for each web request received by my web server. I also want to log the SSL cipher negotiated for each web request initiated by my web server.
This question looks similar to mine, but doesn't have a good answer.
SSL negotiation logging in IIS
I've found these references here: http://msdn.microsoft.com/en-gb/library/windows/desktop/bb648705(v=vs.85).aspx
Am I warm? Is this the right approach?
Solution 1:
Schannel event logging should get you some log information. This will log to the Event Log, however, so you'll need to find some manual way to correlate it with your IIS logs.
An Schannel event 36880 will be generated upon each successful negotiation. Correlating them to IIS logs is going to be a bit of a pain, to be sure, but I think this is just about the only feasible way to do it (given that Schannel doesn't really pass this information back down to IIS).
You'll get a process ID and thread ID, so you may be able to log the APP_POOL_ID server variable to get a PID to use in correlation.