Re: Feature request: Logging SSL connections

On Thu, Dec 05, 2013 at 09:43:31AM -0500, Peter Eisentraut wrote:
> On 12/5/13, 8:53 AM, Dr. Andreas Kunert wrote:
> > we were really missing the information in our log files if (and which
> > of) our users are using SSL during their connections.
> > 
> > The attached patch is a very simple solution to this problem - it just
> > tests if the ssl pointer in Port is null. If no, it adds "SSL" to the
> > logfile, otherwise it adds "NOSSL".
> 
> That seems useful.  Do we need more information, like whether a client
> certificate was presented, or what ciphers were used?

Yes, please show ciphersuite and TLS version too.  Andreas, you can use my
recent \conninfo patch as template:
 https://github.com/markokr/postgres/commit/7d1b27ac74643abd15007cc4ec0b56ba92b39d90

Also, please show the SSL level also for walsender connections.  It's
quite important to know whether they are using SSL or not.

But I think the 'bits' output is unnecessary, as it's cipher strength
is known by ciphersuite.  Perhaps it can be removed from \conninfo too.

-- 
marko