Logging TLS version used by clients connecting to Apache

Recently in the news was an announcement that the PCI standards in the UK will outlaw the use of TLS1.0.

Unfortunately, this means that we're going to have to stop using TLS1.0 on our web servers for ecommerce by summer next year.

We want to know for sure what percentage of our users are connecting to the site using TLS1.0 in order to determine the impact of this and what our response needs to be.

Is there a module or something for Apache that will allow us to do this? Can I just use the normal logging stuff?

The site has a lot of traffic, so logging SSL stuff on a debug level may quickly fill our hard disks...


CustomLog can be used with the following env variables: http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#envvars

Examples just below that in the next section: http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#logformats

 CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
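
To get from that log to the percentage the question asks about, the file can be summarized per protocol. This is an added example, not part of the original answer: the function names are hypothetical, the sample lines are constructed, and it assumes the exact format string shown above.

```python
import re
from collections import Counter, defaultdict

# Matches the format string: "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<host>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<request>.*)" (?P<bytes>\S+)$'
)

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE = """\
[12/Mar/2018:10:00:01 +0000] 192.0.2.10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET / HTTP/1.1" 5120
[12/Mar/2018:10:00:02 +0000] 192.0.2.11 TLSv1 AES128-SHA "GET /basket HTTP/1.1" 2048
[12/Mar/2018:10:00:03 +0000] 192.0.2.10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /css/site.css HTTP/1.1" 900
[12/Mar/2018:10:00:04 +0000] 192.0.2.12 TLSv1.1 AES256-SHA "POST /checkout HTTP/1.1" 310
[12/Mar/2018:10:00:05 +0000] 192.0.2.11 TLSv1 AES128-SHA "GET /favicon.ico HTTP/1.1" -
[12/Mar/2018:10:00:06 +0000] 192.0.2.13 - - "GET / HTTP/1.1" 5120
""".splitlines()

def summarize(lines):
    """Return (requests per protocol, client hosts per protocol, skipped lines)."""
    requests, hosts, skipped = Counter(), defaultdict(set), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        # Skip malformed lines and non-TLS requests (mod_ssl logs "-" for those).
        if not m or m["proto"] == "-":
            skipped += 1
            continue
        requests[m["proto"]] += 1
        hosts[m["proto"]].add(m["host"])
    return requests, hosts, skipped

def request_percent(requests, proto):
    """Share of TLS requests that negotiated the given protocol."""
    total = sum(requests.values())
    return 100.0 * requests.get(proto, 0) / total if total else 0.0

def client_percent(hosts, proto):
    """Share of distinct client addresses seen using the protocol at least once.
    Addresses only approximate users: NAT and proxies merge many clients."""
    everyone = set().union(*hosts.values()) if hosts else set()
    return 100.0 * len(hosts.get(proto, ())) / len(everyone) if everyone else 0.0

if __name__ == "__main__":
    reqs, hosts, skipped = summarize(SAMPLE)
    for proto in sorted(reqs):
        print(f"{proto:8} {request_percent(reqs, proto):5.1f}% of requests, "
              f"{client_percent(hosts, proto):5.1f}% of clients")
    print(f"skipped (non-TLS or malformed): {skipped}")
```

For a real log, pass an open file handle to `summarize` in place of `SAMPLE`.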