in reply to Re^2: Is it possible to check the client's SSL/TLS version?
in thread Is it possible to check the client's SSL/TSL version?

What Rhandom pointed out is why we need to collect the information. Manny thanks to hippo, sundialsrv4 for pointing out the documents, but I still don't quite understand this.

Correct me if my question is silly. The protocol version ( SSL/TLS version) I want to collect is the ones from this clients, not from my Apache server. Is the var $ENV{SSL_PROTOCOL} my server's SSL version or the client's SSL version? My understanding is that the variable SSL_PROTOCOL is my apache server's configuration variable, not from the cilent.

Apache relies on OpenSSL to do security handshakes, so Apache does not care the client's version of SSL/TLS? and could not log it?

  • Comment on Re^3: Is it possible to check the client's SSL/TLS version?

Replies are listed 'Best First'.
Re^4: Is it possible to check the client's SSL/TLS version?
by hippo (Archbishop) on Jul 17, 2015 at 18:54 UTC

    The protocol has to be the same on both ends otherwise the handshake fails. The protocol given by the environment variable SSL_PROTOCOL as mentioned in my post is the protocol of the particular connection, negotiated between the client and the server, and not a function of either in isolation.

    By all means try it and see.

[reply]
[d/l]

In Section Seekers of Perl Wisdom