Hello,
the attached patch for Dovecot 2.2.4 improves the logging to include information about the cipher suite used for a TLS connection. Here is an example log line:
Aug 13 21:49:55 colwyn dovecot: imap-login: Login: user=<tron>, method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2, mpid=10567, TLS=<TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)>, session=<ZkEhYtrjSgAgAQiwARQAAQAAAAAAAAAC>
This will e.g. allow you to find out that mobile phones use rather week cipher suites (128bit keys, no PFS).
There is also something else I noticed. If I switch "mutt" (which generated the above log line) from using IMAP on port 143 and "STARTTLS" to use IMAPS on port 993 I get TLS 1.2:
Aug 14 07:44:59 colwyn dovecot: imap-login: Login: user=<tron>, method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2, mpid=1156, TLS=<TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)>, session=<0js/suLj9gAgAQiwARQAAQAAAAAAAAAC>
Not sure why TLS 1.2 is only used in this case. It might be "mutt" doing that.
Kind regards
-- Matthias Scheler http://zhadum.org.uk/