[Dovecot] Patch to log the cipher suite used for TLS
Hello,
the attached patch for Dovecot 2.2.4 improves the logging to include information about the cipher suite used for a TLS connection. Here is an example log line:
Aug 13 21:49:55 colwyn dovecot: imap-login: Login: user=<tron>, method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2, mpid=10567, TLS=<TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)>, session=<ZkEhYtrjSgAgAQiwARQAAQAAAAAAAAAC>
This will, e.g., allow you to find out that mobile phones use rather weak cipher suites (128-bit keys, no PFS).
There is also something else I noticed. If I switch "mutt" (which generated the above log line) from using IMAP on port 143 and "STARTTLS" to use IMAPS on port 993 I get TLS 1.2:
Aug 14 07:44:59 colwyn dovecot: imap-login: Login: user=<tron>, method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2, mpid=1156, TLS=<TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)>, session=<0js/suLj9gAgAQiwARQAAQAAAAAAAAAC>
Not sure why TLS 1.2 is only used in this case. It might be "mutt" doing that.
Kind regards
-- Matthias Scheler http://zhadum.org.uk/
Dear Matthias,
On 14-08-2013 08:48, Matthias Scheler wrote:
> Hello,
> the attached patch for Dovecot 2.2.4 improves the logging to include information about the cipher suite used for a TLS connection. Here is an example log line:
> Aug 13 21:49:55 colwyn dovecot: imap-login: Login: user=<tron>, method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2, mpid=10567, TLS=<TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)>, session=<ZkEhYtrjSgAgAQiwARQAAQAAAAAAAAAC>
> [snipp]
Is the %k not the same?
http://wiki2.dovecot.org/Variables
I have the following in my logging.conf
login_log_format_elements = service=%s user=<%u> session=%{session} method=%m rip=%r lip=%l mpid=%e %c %k
cheers Aleks
On Wed, Aug 14, 2013 at 11:49:50AM +0200, Aleksandar Lazic wrote:
> > the attached patch for Dovecot 2.2.4 improves the logging to include information about the cipher suite used for a TLS connection. Here is an example log line:
> > Aug 13 21:49:55 colwyn dovecot: imap-login: Login: user=<tron>, method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2, mpid=10567, TLS=<TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)>, session=<ZkEhYtrjSgAgAQiwARQAAQAAAAAAAAAC>
> > [snipp]
> Is the %k not the same?
Yes, it is.
> http://wiki2.dovecot.org/Variables
> I have the following in my logging.conf
> login_log_format_elements = service=%s user=<%u> session=%{session} method=%m rip=%r lip=%l mpid=%e %c %k
I was looking for logging options on the SSL page but couldn't find them there. I've now configured an unpatched Dovecot according to your suggestion and I get the information I want.
Thanks a lot
-- Matthias Scheler http://zhadum.org.uk/
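The point of logging the security string, in the first message, is to find out which clients negotiate weak parameters (short keys, no forward secrecy), whether the string comes from the patch's TLS=<...> field or from %k in login_log_format_elements. The following is an added example, not code from Dovecot, from the patch, or from either poster: it parses login lines for the "<protocol> with cipher <name> (<bits>/<bits> bits)" substring that both quoted log lines contain, and reports the two properties the thread calls out. The first two sample lines are the ones quoted above; the third and fourth (user "phone", rip 192.0.2.10, their session ids, and a login with no TLS string) are constructed here. The 256-bit threshold and the DHE-/ECDHE- name-prefix test for PFS are this example's assumptions.

```python
"""Parse Dovecot login lines carrying the TLS security string and flag the
properties discussed in the thread (key length, forward secrecy).
Added example; not code from Dovecot or from the thread's patch."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample log. Lines 1 and 2 are the two log lines quoted in the
# thread; lines 3 and 4 (user "phone", rip 192.0.2.10, session ids, and a
# login without any TLS string) are made up to exercise the weak cases.
SAMPLE_LOG = """\
Aug 13 21:49:55 colwyn dovecot: imap-login: Login: user=<tron>, method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2, mpid=10567, TLS=<TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)>, session=<ZkEhYtrjSgAgAQiwARQAAQAAAAAAAAAC>
Aug 14 07:44:59 colwyn dovecot: imap-login: Login: user=<tron>, method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2, mpid=1156, TLS=<TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)>, session=<0js/suLj9gAgAQiwARQAAQAAAAAAAAAC>
Aug 14 09:12:03 colwyn dovecot: imap-login: Login: user=<phone>, method=PLAIN, rip=192.0.2.10, lip=2001:8b0:114:1::2, mpid=1201, TLS=<TLSv1 with cipher AES128-SHA (128/128 bits)>, session=<constructedsession0000000001>
Aug 14 09:15:41 colwyn dovecot: imap-login: Login: user=<tron>, method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2, mpid=1210, session=<constructedsession0000000002>
"""

# Service, user and remote IP of a successful login (imap-login, pop3-login, ...).
LOGIN_RE = re.compile(
    r"(?P<service>\w+)-login: Login: user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[^,\s]+)"
)
# The security string as it appears in the quoted lines:
# "<proto> with cipher <name> (<bits>/<alg_bits> bits)". Matched on its own,
# so the surrounding "TLS=<...>" wrapper (or its absence with %k) does not matter.
TLS_RE = re.compile(
    r"(?P<proto>(?:TLS|SSL)v[\d.]+) with cipher (?P<cipher>\S+) "
    r"\((?P<bits>\d+)/(?P<alg_bits>\d+) bits\)"
)


@dataclass(frozen=True)
class Login:
    service: str
    user: str
    rip: str
    protocol: Optional[str]   # None when the line carries no security string
    cipher: Optional[str]
    bits: Optional[int]       # key bits in use (the first number in the parentheses)

    @property
    def forward_secrecy(self) -> Optional[bool]:
        """Assumption of this example: OpenSSL cipher names with an ephemeral
        (EC)DH key exchange start with DHE-/ECDHE- (older spellings EDH-/EECDH-);
        plain RSA key transport names such as AES128-SHA do not."""
        if self.cipher is None:
            return None
        return self.cipher.startswith(("DHE-", "ECDHE-", "EDH-", "EECDH-"))


def parse_login(line: str) -> Optional[Login]:
    """Return a Login for a login line, or None for any other line."""
    m = LOGIN_RE.search(line)
    if m is None:
        return None
    t = TLS_RE.search(line)
    return Login(
        service=m["service"], user=m["user"], rip=m["rip"],
        protocol=t["proto"] if t else None,
        cipher=t["cipher"] if t else None,
        bits=int(t["bits"]) if t else None,
    )


def parse_log(text: str) -> List[Login]:
    return [l for l in map(parse_login, text.splitlines()) if l is not None]


def weaknesses(login: Login, min_bits: int = 256) -> List[str]:
    """Reasons a login falls short of the thread's two criteria: key shorter
    than min_bits and no PFS. min_bits=256 mirrors the poster calling 128-bit
    keys weak; it is a reporting threshold chosen here, not a recommendation."""
    if login.cipher is None or login.bits is None:
        return ["no TLS"]
    reasons = []
    if login.bits < min_bits:
        reasons.append(f"{login.bits}-bit key")
    if not login.forward_secrecy:
        reasons.append("no PFS")
    return reasons


def weak_logins(text: str, min_bits: int = 256) -> List[Tuple[str, str, List[str]]]:
    """(user, rip, reasons) for every login with at least one weakness."""
    return [(l.user, l.rip, r) for l in parse_log(text) if (r := weaknesses(l, min_bits))]


def cipher_histogram(logins: List[Login]) -> Dict[Tuple[str, str], int]:
    """Count (protocol, cipher) pairs to see which suites clients actually negotiate."""
    return Counter((l.protocol or "none", l.cipher or "none") for l in logins)


if __name__ == "__main__":
    for user, rip, reasons in weak_logins(SAMPLE_LOG):
        print(f"{user}@{rip}: {', '.join(reasons)}")
    for (proto, cipher), n in cipher_histogram(parse_log(SAMPLE_LOG)).items():
        print(f"{n:4d}  {proto} {cipher}")
```

Run it against a real mail.log and group the histogram by rip (or by user) to answer the question in the first message: which clients settle for 128-bit, non-PFS suites and which negotiate TLS 1.2 with AES-GCM. The regex does not key on the "TLS=<...>" wrapper, so the %k output works as long as it contains the same "with cipher ... bits)" string.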