To better understand the SSL requirements of my client base, I would like to log the SSL/TLS cipher suite that is negotiated per-request between IIS 8.5 and the HTTPS client. I am looking for the exact suite negotiated (e.g. 0xC00A or TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ) not the keysize (e.g. 128, 256).
Anyone know a good way to go about this?
Thanks!
A list of suites specified by the IANA is available here: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
A list of suites available in SCHANNEL (that IIS uses) is available here: http://msdn.microsoft.com/en-us/library/windows/desktop/aa374757%28v=vs.85%29.aspx