Re: Intermittently the TLS handshake results in plaintext 400 Bad Request response

On 4/29/2021 9:06 AM, Rob Emery wrote:
Hiya Jim

Thanks for the reply.

If not already included, you could include %{SSL_PROTOCOL}x %{SSL_CIPHER}x in your request log and see if there is any commonality in requests assuming the communication is open long enough for the logging to occur or if the client's desired protocol and cipher might get listed.

Yeah we actually already have that enabled in our access logs and we can see that the clients in question are using TLS1.2 when successful (i.e. on the next connection). However these connections that result in the plaintext response actually aren't logged in either the access or error log at all.

However we can see from the packet captures that they are a TLS 1.2 handshake and everything "looks fine" there when compared to a successful handshake.


Assuming your site is public facing, give this evaluation a try and see if anything interesting is mentioned.
https://www.ssllabs.com/ssltest/

Jim
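
The commonality check suggested above, as an added example that is not part of the original message or of Apache httpd: it parses request-log lines carrying `%{SSL_PROTOCOL}x %{SSL_CIPHER}x` and reports which protocol/cipher pairs a set of clients share. The log layout (the `ssl_request_log` format from the mod_ssl documentation), the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed log layout (the ssl_request_log example from the mod_ssl docs):
#   CustomLog "logs/ssl_request_log" \
#       "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<client>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<request>[^"]*)" (?P<size>\S+)$'
)

# Constructed sample lines, not taken from the thread.
SAMPLE_LOG = """\
[29/Apr/2021:09:01:12 +0100] 192.0.2.10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 512
[29/Apr/2021:09:01:15 +0100] 192.0.2.10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /a HTTP/1.1" 128
[29/Apr/2021:09:02:40 +0100] 198.51.100.7 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET / HTTP/1.1" 512
[29/Apr/2021:09:03:02 +0100] 203.0.113.5 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 226
this line is truncated
"""


def summarize(log_text):
    """Return ({client: Counter{(protocol, cipher): hits}}, [unparsed lines])."""
    per_client = defaultdict(Counter)
    unparsed = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Keep malformed lines visible instead of silently dropping them.
            unparsed.append(line)
            continue
        per_client[m["client"]][(m["proto"], m["cipher"])] += 1
    return dict(per_client), unparsed


def common_to_all(per_client, clients):
    """Protocol/cipher pairs logged for every listed client, e.g. the
    client addresses that show the failing handshake in a packet capture."""
    sets = [set(per_client.get(c, {})) for c in clients]
    return set.intersection(*sets) if sets else set()


if __name__ == "__main__":
    stats, bad = summarize(SAMPLE_LOG)
    for client, pairs in sorted(stats.items()):
        print(client, dict(pairs))
    print("shared:", common_to_all(stats, ["192.0.2.10", "203.0.113.5"]))
    print("unparsed:", bad)
```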