This section describes viewing cipher specifications for secure
transactions and for a specific HTTP request.
About this task
To see which cipher specifications the server uses for secure transactions
or for a specific HTTP request, complete one of the following steps.
Procedure
- To see which cipher specifications the server uses for secure
transactions. Specify LogLevel info in the configuration file
to include informational messages in the error log using the LogLevel directive. The error log is specified by the
ErrorLog directive in the http configuration file. The location is set by
the ErrorLog directive, which can be configured. Look in the error
log for messages in this format: TimeStamp info_message mod_ibm_ssl:
Using Version 2/3 Cipher:longname|shortname. The
order that the cipher specifications are displayed in the error log from top
to bottom represents the attempted order of the cipher specifications.
- To see which cipher specification was negotiated with a specific
client for a specific request. Change the LogFormat directive to include the cipher specification
as part of the information logged for each request. The format string %{HTTPS_CIPHER}e will
log the name of the cipher (for example, "TLS_RSA_WITH_AES_256_CBC_SHA").
Be sure that the LogFormat directive you change is for the format used on
the CustomLog directive. Here is an example:
LogFormat "%h %l %u %t \"%r\" %>s %b %{HTTPS_CIPHER}e" common
CustomLog logs/access_log common
Look in the access log to find the cipher used. The
position of the cipher will depend on where the %{HTTPS_CIPHER}e format
string was placed in the LogFormat directive. Following are some example
access_log entries, using the example LogFormat directive above: 9.48.108.152 - - [17/Feb/2005:15:37:39 -0500] "GET / HTTP/1.1" 200 1507 SSL_RSA_WITH_RC4_128_SHA
9.48.108.152 - - [17/Feb/2005:15:37:40 -0500] "GET /httpTech.view1.gif HTTP/1.1" 200 1814 SSL_RSA_WITH_RC4_128_SHA
9.48.108.152 - - [17/Feb/2005:15:37:40 -0500] "GET /httpTech.masthead.gif HTTP/1.1" 200 11844 SSL_RSA_WITH_RC4_128_SHA
9.48.108.152 - - [17/Feb/2005:15:37:41 -0500] "GET /httpTech.visit1.gif HTTP/1.1" 200 1457 SSL_RSA_WITH_RC4_128_SHA
For non-secure requests, "-" will be logged for the cipher
specification.
You can log other SSL environment variables
in the same manner as HTTPS_CIPHER.