------=_Part_345_31530439.1197628936747
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Dec 6, 2007 7:26 PM, Shiva Subramanian wrote:

> hi there,
>
> recently I turned on the SSL_PROTOCOL & SSL_CIPHER on one of our
> web server to gather some statistics on the SSL protocol & ciphers
> being used.
>
> most of the entries have SSLv3, TLSv1, some SSLv2s here and there
> and then there are these entries with only a "-" & "-" in place where
> the SSL_PROTOCOL & SSL_CIPHER should be.
>
> for eg:
>
> XX.XX.83.98 - - [XX/XX/2007:13:31:27 -0500] SSLv3 RC4-MD5 "GET XX
> HTTP/1.0" 404 363 "XX" "XX"
> XX.XX.83.98 - - [XX/XX/2007:13:31:51 -0500] - - "GET /" 400 596 "-" "-"
> XX.XX.83.98 - - [XX/XX/2007:13:32:21 -0500] - - "GET /" 400 596 "-" "-"
>
> my question is what does the "-" & "-" represent in the
> SSL_PROTOCOL & SSL_CIPHER fields respectively.
>


The hypen just represents a null variable. In this case, no SSL session was
present.

The request in the above example returned status code 400 for Bad Request.
You can reproduce it by issuing a plain HTTP "GET /" to an HTTPS host.

Regards,

------=_Part_345_31530439.1197628936747
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Dec 6, 2007 7:26 PM, Shiva Subramanian <shiva@subbu.us> wrote:

hi there,

  recently I turned on the SSL_PROTOCOL & SSL_CIPHER on one of our
web server to gather some statistics on the SSL protocol & ciphers
being used.

  most of the entries have SSLv3, TLSv1, some SSLv2s here and there

and then there are these entries with only a "-" & "-" in place where
the SSL_PROTOCOL & SSL_CIPHER should be.

for eg:

XX.XX.83.98 - - [XX/XX/2007:13:31:27 -0500] SSLv3 RC4-MD5  "GET XX

HTTP/1.0" 404 363 "XX" "XX"
XX.XX.83.98 - - [XX/XX/2007:13:31:51 -0500] - -  "GET /" 400 596 "-" "-"
XX.XX.83.98 - - [XX/XX/2007:13:32:21 -0500] - -  "GET /" 400 596 "-" "-"


  my question is what does the "-" & "-" represent in the
SSL_PROTOCOL & SSL_CIPHER fields respectively.

The hypen just represents a null variable. In this case, no SSL session was present.


The request in the above example returned status code 400 for Bad Request. You can reproduce it by issuing a plain HTTP "GET /" to an HTTPS host.

Regards,


------=_Part_345_31530439.1197628936747--
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org