Is is possible to log TLS client versions

Alexander Dalloz ad+lists at uni-x.org
Fri Dec 13 16:08:04 EET 2019


Am 13.12.2019 um 15:00 schrieb Götz Reinicke:
> Hi, is it possible to log the version of TLS a clients is using to connect to dovecot?
> 
> I’v not found any switch to do that.
> 
> 	Thanks and regards . Götz


Not sure why you haven't found

https://doc.dovecot.org/configuration_manual/config_file/config_variables/

You may use following log formatting

login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k

to get log content like

Dec 13 12:20:21 msg dovecot: imap-login: Login: user=<foo at example.org>, 
method=PLAIN, rip=2003:e6:3a0c:7e12:106e:4562:cb72:566b, 
lip=2a01:1000:6:9d:0:dead:beef:cafe, mpid=6476, TLS, TLSv1.2 with cipher 
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

See what %c and %k translate to in that example.

Alexander



More information about the dovecot mailing list