SSL/TLS Logging
The EFT.log file records numerous activities that occur in EFT, including SSL connections. You can enable SSL logging to track the details of successful SSL connections. (For details of configuring the EFT.log file, refer to EFT.log File.) In the ARM schema, the table tbl_NegotiatedCiphersSSL, which records the negotiated cipher set for successful SSL/TLS client/server authentications, is associated with tbl_Authentications and tbl_Actions.
To track the details of successful SSL connections:
- Open the logging.cfg file in a text editor such as Notepad.
- Uncomment the line #log4cplus.logger.SSL=TRACE (remove the leading #) and change TRACE to DEBUG.
- Uncomment the line #log4cplus.logger.IPAccess=TRACE (remove the leading #).
Example logs:
04-10-17 10:16:09,117 [16424] DEBUG IPAccess <> - Check IP address against IP Access Rules: IP: 127.0.0.1, access allowed
04-10-17 10:16:09,117 [7444] DEBUG SSL <> - SSL connection accepted; protocol version = TLSv1.2, cipher = ECDHE-RSA-AES128-GCM-SHA256, key length = 128
However, this adds more verbosity to the logs. Additionally, this does not track failed connections and puts the onus on the customer/administrator to pick apart the logs.
For failed connections made via SSL/TLS, the log entry should contain the following:
INFO SSL <> - SSL connection failed; ip address= ; connection ID=
For successful connections made using insecure ciphers via SSL/TLS, the log entry should contain the following:
WARN SSL <> - Insecure SSL connection accepted; protocol version=; cipher=; key length=; ip address=; connection ID=
For successful connections made using weak ciphers via SSL/TLS, the log entry should contain the following:
WARN SSL <> - Weak SSL connection accepted; protocol version=; cipher=; key length=; ip address=; connection ID=
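Because DEBUG-level SSL logging leaves the administrator to pick apart EFT.log by hand, a small parser that reads the DEBUG line format shown above together with the INFO/WARN entry formats described for failed, insecure and weak connections can do the first pass. This is an added example, not code from EFT or Globalscape; the header regex, the field names and the weak-cipher/legacy-protocol lists are assumptions of this example (EFT's own definition of "insecure" and "weak" is not on this page), and the last three sample lines are constructed by filling in the templates above.

```python
import re

# Line header as shown on this page: "<date> <time> [<thread>] LEVEL Logger <> - message".
HEADER_RE = re.compile(r"^(?P<ts>\S+ \S+) \[\d+\] (?P<level>[A-Z]+) (?P<logger>\w+) <> - (?P<msg>.*)$")
# "key = value" pairs; the page's formats separate them with "," or ";".
FIELD_RE = re.compile(r"([A-Za-z ]+?)\s*=\s*([^,;]*)")
# Assumption of this example, not EFT's own classification: ciphers and protocol versions
# a reviewer should flag even when EFT logged the handshake as a plain "accepted".
WEAK_CIPHER_TOKENS = ("RC4", "DES", "NULL", "EXPORT", "MD5", "ANON")
LEGACY_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1")

def parse_ssl_line(line):
    """Return a dict for an SSL logger line, or None for any other line (e.g. IPAccess)."""
    m = HEADER_RE.match(line.strip())
    if not m or m.group("logger") != "SSL":
        return None
    head, _, rest = m.group("msg").partition(";")   # "SSL connection accepted" | field list
    head = head.strip().lower()
    outcome = ("insecure" if head.startswith("insecure") else "weak" if head.startswith("weak")
               else "failed" if "failed" in head else "accepted" if "accepted" in head else "other")
    fields = {k.strip().lower(): v.strip() for k, v in FIELD_RE.findall(rest)}
    return {"timestamp": m.group("ts"), "level": m.group("level"), "outcome": outcome, **fields}

def needs_attention(ev):
    """Failures and EFT's own Insecure/Weak warnings always; plain accepts only if the heuristic distrusts them."""
    if ev["outcome"] in ("failed", "insecure", "weak"):
        return True
    cipher, keylen = ev.get("cipher", "").upper(), ev.get("key length", "")
    return (any(t in cipher for t in WEAK_CIPHER_TOKENS)
            or ev.get("protocol version") in LEGACY_PROTOCOLS
            or (keylen.isdigit() and int(keylen) < 128))

def triage(lines):
    """Parse a log and return (all SSL events, those worth reviewing) instead of reading raw text."""
    events = [e for e in map(parse_ssl_line, lines) if e]
    return events, [e for e in events if needs_attention(e)]

# First two lines are the page's own examples; the rest are constructed by filling in its templates.
SAMPLE_LOG = [
    "04-10-17 10:16:09,117 [16424] DEBUG IPAccess <> - Check IP address against IP Access Rules: IP: 127.0.0.1, access allowed",
    "04-10-17 10:16:09,117 [7444] DEBUG SSL <> - SSL connection accepted; protocol version = TLSv1.2, cipher = ECDHE-RSA-AES128-GCM-SHA256, key length = 128",
    "04-10-17 10:17:01,002 [7444] WARN SSL <> - Weak SSL connection accepted; protocol version=TLSv1; cipher=AES128-SHA; key length=128; ip address=192.0.2.10; connection ID=17",
    "04-10-17 10:17:05,440 [7444] INFO SSL <> - SSL connection failed; ip address=192.0.2.11; connection ID=18",
    "04-10-17 10:18:00,000 [7444] DEBUG SSL <> - SSL connection accepted; protocol version = TLSv1.2, cipher = RC4-SHA, key length = 128",
]
```

Running `triage(SAMPLE_LOG)` flags the weak and failed entries that EFT already marked, plus the RC4 handshake that EFT logged only as a plain DEBUG accept.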