Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1182
Views
5
Helpful
1
Replies

Filter to check SSL/TLS version of email

Narasimhan VS
Level 1
Level 1

‎10-23-2019 01:30 AM

I want to know if there is any option or workaround to identify emails connecting with TLS v1.0 and SSL v3.0 using content or message filters ?

Labels:
0 Helpful
1 Reply 1

marc.luescherFRE
Spotlight
Spotlight

‎10-23-2019 02:28 AM

This is a bit harder to do and I would first start investigating by simply searching the mail log on the console like:

 

grep "SSLv3 cipher" mail_logs

grep "TLSv1 cipher" mail_logs

grep "TLSv1.1 cipher" mail_logs

grep "TLSv1.2 cipher" mail_logs

 

this gives you the ICID's of the incoming messages back matching your search pattern.

 

Then you need to grep this ICID in smtp_logs to get the corresponding MID back.

On a busy server there will be multiple MID associated to a given ICID.

 

Hope that helps with your analysis.

 

-Marc

Customers Also Viewed These Support Documents