Opened 3 years ago

Closed 3 years ago

#2134 closed enhancement (fixed)

ssl cipher logging for mail

Reported by: Geert Hendrickx
Owned by:
Priority: minor
Milestone:
Component: nginx-module
Version: 1.19.x
Keywords: mail, logging
Cc:
uname -a:
nginx -V: nginx version: nginx/1.19.6

Description

For the http module, the access_log format can be customized to a great extent.

For the mail module, there is only the standard error_log, and its format cannot be changed (beyond loglevel).

It would be useful to have the ability to create custom logging for mail as well, for example to include variables like $ssl_protocol, $ssl_cipher, etc. Currently we can only obtain this information from error_log at debug level, or via network wire tapping, both of which are not suitable for regular production use.

Change History (2)

comment:1 by Rob Mueller <robm@…>, 3 years ago

In 7905:13d0c1d26d47/nginx:

Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134).

This adds new Auth-SSL-Protocol and Auth-SSL-Cipher headers to
the mail proxy auth protocol when SSL is enabled.

This can be useful for detecting users using older clients that
negotiate old ciphers when you want to upgrade to newer
TLS versions or remove support for old and insecure ciphers.
You can use your auth backend to notify these users before the
upgrade that they either need to upgrade their client software
or contact your support team to work out an upgrade path.
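An added example, not part of the commit or of nginx: one way an auth_http backend could use the two new headers to build the list of accounts to notify. Auth-User and Client-IP are existing headers of nginx's mail auth protocol; the policy sets, function names and sample requests are assumptions of this example.

```python
import io
from collections import defaultdict
from http.client import parse_headers

# Policy is an assumption of this example, not nginx's; match it to your own deprecation plan.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_MARKERS = ("RC4", "DES-CBC3", "NULL", "EXP", "MD5")

def tls_findings(raw_request: bytes):
    """Return (user, client_ip, [findings]) for one raw auth_http request."""
    fp = io.BytesIO(raw_request)
    fp.readline()                      # skip the request line
    h = parse_headers(fp)              # header lookup is case-insensitive
    user, ip = h.get("Auth-User", "-"), h.get("Client-IP", "-")
    proto, cipher = h.get("Auth-SSL-Protocol"), h.get("Auth-SSL-Cipher")
    findings = []
    if proto is None:
        # Absent: plaintext session, or an nginx that predates this change.
        findings.append("no-tls-info")
    else:
        if proto in LEGACY_PROTOCOLS:
            findings.append(f"legacy-protocol:{proto}")
        if cipher and any(m in cipher.upper() for m in WEAK_CIPHER_MARKERS):
            findings.append(f"weak-cipher:{cipher}")
    return user, ip, findings

def users_to_notify(requests):
    """Group findings by user so each affected account is contacted once."""
    report = defaultdict(set)
    for raw in requests:
        user, _ip, findings = tls_findings(raw)
        report[user].update(findings)
    return {u: sorted(f) for u, f in report.items() if f}

def _req(user, ip, proto=None, cipher=None):
    """Build one constructed auth_http request (hypothetical helper)."""
    lines = ["GET /auth HTTP/1.0", "Host: localhost",
             f"Auth-User: {user}", f"Client-IP: {ip}"]
    if proto:
        lines += [f"Auth-SSL-Protocol: {proto}", f"Auth-SSL-Cipher: {cipher}"]
    return ("\r\n".join(lines) + "\r\n\r\n").encode()

SAMPLES = [  # constructed requests, not captured traffic
    _req("alice@example.com", "192.0.2.10", "TLSv1.3", "TLS_AES_256_GCM_SHA384"),
    _req("bob@example.com", "192.0.2.11", "TLSv1", "DES-CBC3-SHA"),
    _req("carol@example.com", "192.0.2.12"),
]

if __name__ == "__main__":
    for user, findings in users_to_notify(SAMPLES).items():
        print(user, ", ".join(findings))
```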

comment:2 by Maxim Dounin, 3 years ago

Resolution: fixed
Status: new → closed