With all the hype and craze around HTTP/2 and various TLS Versions, there is one questions which appears every now and then. I am doing all this upgrading versions allowing new ciphers enabling https etc, but is anyone using them. Also with PCI mandate of closing TLS 1.0 and TLS 1.1 looming large, we need to be in a position to identify what TLS versions are in use on website and what about HTTP Versions.
When we say what’s in use i am specifically talking about what’s used by client and not what is offered by the servers. I have been reading about this for a long time and i spotted multiple resources like this and this. However for all these the instructions stopped at a point where a custom log is created and then we periodically run shell scripts for data extractions.
I wanted something more or rather something simpler, this led me to explore a bit more and i have deviced a strategy by which i basically get the same data parsed and displayed in awstats dashboard.
So to configure this we need to perform multiple steps.
1) We need to modify the accesslog format, i am listing method for nginx simmilar methods should apply for other servers also.
[github userid=”anantshri” repoid=”server_admin_scripts” path=”track_http_tls/nginx.conf” language=”bash”]
2) We modify the individual site to start logging in new format.
[github userid=”anantshri” repoid=”server_admin_scripts” path=”track_http_tls/nginx_site_config.conf” language=”bash”]
3) Manually trigger logrotate and force old log to go out.
sudo logrotate -f /etc/logrotate.d/nginx
4) Edit awstats config file to point correct logformat and Extra Section entries.
[github userid=”anantshri” repoid=”server_admin_scripts” path=”track_http_tls/awstats.conf.local” language=”bash”]
5) Wait for some traffic to hit the server or manually execute logroate
sudo logrotate -f /etc/logrotate.d/nginx
Once this setup is done and then you open your awstats config, right at the bottom of the window you should be greated with a section simmilar to the one shown below.
