Is is possible to log TLS client versions - dovecot - dovecot.org

newer
BUG: panic when using fs:posix as...

Is is possible to log TLS client versions

older
CVE-2019-19722: Critical...

Götz Reinicke

13 Dec 2019 13 Dec '19

2 p.m.

Hi, is it possible to log the version of TLS a clients is using to connect to dovecot?

I’v not found any switch to do that.

Thanks and regards . Götz

Attachments:

attachment.html (text/html — 812 bytes)
smime.p7s (application/pkcs7-signature — 5.1 KB)

Reply

Sign in to reply online Use email software

Show replies by date

Alexander Dalloz

13 Dec 13 Dec

2:08 p.m.

Am 13.12.2019 um 15:00 schrieb Götz Reinicke:

Not sure why you haven't found

https://doc.dovecot.org/configuration_manual/config_file/config_variables/

You may use following log formatting

login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k

to get log content like

Dec 13 12:20:21 msg dovecot: imap-login: Login: user=<foo@example.org>, method=PLAIN, rip=2003:e6:3a0c:7e12:106e:4562:cb72:566b, lip=2a01:1000:6:9d:0:dead:beef:cafe, mpid=6476, TLS, TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

See what %c and %k translate to in that example.

Alexander

Reply

Sign in to reply online Use email software

Götz Reinicke

2:32 p.m.

New subject: Is is possible to log TLS client versions - Solved

I’d guess I was looking for a log-option not the log format. :-/

Lesson learned.

Thanks very much! /Götz

Reply

Sign in to reply online Use email software

1973

Age (days ago)

1973

Last active (days ago)

2 comments

2 participants

tags

participants (2)

Alexander Dalloz
Götz Reinicke