Logging of ciphers / ssl versions used by clients?

on 15.11.2006 17:33:28 by Chu

Hello,

We are wanting to remove SSLV2 and enforce "stronger" encryption
ciphers in our IIS 5.x and 6.x installations. However, the business
units are concerned that doing so may preclude some users from
accessing our website. I know all current browsers support SSLV3 and
strong ciphers, but I'd like to have an accounting first of who *is*
using the weaker protocol and encryption methods.

How may I log or get this information through IIS or the EventViewer?

Thanks,
../Chu

Re: Logging of ciphers / ssl versions used by clients?

on 16.11.2006 20:21:04 by Chu

Here's the answer to my own question.

Follow KB article 260729 and set the logging level to "4".
See: http://support.microsoft.com/kb/260729

Reboot and then your system event log will fill up nicely with SCHANNEL
events such as:

"An SSL server handshake completed successfully. The negotiated
cryptographic parameters are as follows.

Protocol: TLS (SSL 3.1)
Cipher: RC4
Cipher strength: 128
MAC: MD5
Exchange: RSA
Exchange strength: 1024"

../Chu
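
Added example, not part of the original posts: a way to turn those SCHANNEL messages into the accounting asked for in the first post, by tallying handshakes per protocol/cipher and counting the weak ones. It assumes the event messages have been exported as text in the layout quoted above; the sample messages, the "SSL 2.0" and "SSL 3.0" protocol labels, the 128-bit threshold and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

BANNER = "An SSL server handshake completed successfully."
FIELD = re.compile(r"^\s*([A-Za-z ]+):\s*(.+?)\s*$")
MIN_CIPHER_BITS = 128  # assumed policy threshold, not from the post

def make_message(protocol, cipher, bits):
    """Build a constructed event message in the layout quoted in the post."""
    return (f"{BANNER} The negotiated\n"
            "cryptographic parameters are as follows.\n\n"
            f"Protocol: {protocol}\nCipher: {cipher}\n"
            f"Cipher strength: {bits}\nMAC: MD5\n"
            "Exchange: RSA\nExchange strength: 1024\n")

# Constructed sample export; "SSL 2.0" and "SSL 3.0" labels are assumptions.
SAMPLE = "".join(
    [make_message("TLS (SSL 3.1)", "RC4", 128)] * 3
    + [make_message("SSL 2.0", "RC4", 128), make_message("SSL 3.0", "RC4", 40)]
)

def parse_events(text):
    """Return one dict of lower-cased field names per handshake event."""
    events = []
    for chunk in text.split(BANNER)[1:]:
        fields = {}
        for line in chunk.splitlines():
            m = FIELD.match(line)
            if m:  # strip the quote that closes a quoted message
                fields[m.group(1).strip().lower()] = m.group(2).strip('"')
        events.append(fields)
    return events

def is_weak(event):
    """Weak = SSLv2 handshake, or cipher strength missing/below threshold."""
    bits = event.get("cipher strength", "")
    too_short = not bits.isdigit() or int(bits) < MIN_CIPHER_BITS
    return event.get("protocol", "").startswith("SSL 2") or too_short

def tally(text):
    """Count handshakes per (protocol, cipher, strength) and the weak total."""
    events = parse_events(text)
    combos = Counter((e.get("protocol"), e.get("cipher"),
                      e.get("cipher strength")) for e in events)
    return combos, sum(is_weak(e) for e in events)

if __name__ == "__main__":
    combos, weak = tally(SAMPLE)
    print(combos.most_common(), "weak handshakes:", weak)
```

A handshake with no readable cipher strength is counted as weak so that a truncated message is reviewed rather than silently passed.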