none
Add server variables to capture SSL/TLS protocol

    Question

  • I'm running Windows Server 2012 R2 and I'm trying to configure IIS logging so I can monitor the protocols being used to connect to the server.  I've found some articles on how to set it up but when I try to add the server variables in IIS logging, I don't see CRYPT_PROTOCOL, CRYPT_CIPHER_ALG_ID, CRYPT_HASH_ALG_ID, or
    CRYPT_KEYEXCHANGE_ALG_ID listed as options under the Source field when I select Server Variable as the Source Type.  One article mentioned that the variables were added as part of the KB4025335 update.  I don't have this update installed on the server but when I try to install it, I get a message "The update is not applicable to your computer".  Any ideas on how I can get the protocol variables to show up?
    Tuesday, July 10, 2018 6:52 PM

All replies

  • Hi,

    Thanks for your question.

    Please try the latest update KB4338815 which replaces KB4025335. Furthermore, please check the following thread to see if it helps.

    https://scotthelme.co.uk/hardening-your-http-response-headers/

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Hope this helps. I look forward hearing your good news.

    If you have any question or concern, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, July 11, 2018 5:47 AM
    Moderator
  • Thanks for the info.  I was able to install updateKB4338815 and rebooted but I still don't see the server variables I'm looking for.  Not sure if it matters or not but I'm running Exchange 2013 CU 19 on this server as well.
    Friday, July 13, 2018 1:51 PM
  • Hi,

    Sorry for my delay.

    Please check the prerequisites of IIS server variables setting:

    1. IIS 7.0 or above with ASP.NET role service enabled 

    2. URL Rewrite Module 2.0 installed

    For more information, please refer to the following MS docs,

    https://docs.microsoft.com/en-us/iis/extensions/url-rewrite-module/setting-http-request-headers-and-iis-server-variables

    In addition, you'd also ask this issue in IIS forum for resolution.

    https://forums.iis.net/

    Hope this helps. 

    Highly appreciate for your effort and time. If you have any question or concern, please feel free to let me know.

    Best regards,

    Michale


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, July 18, 2018 3:12 AM
    Moderator
  • Hi,

    How are things going on?

    Please let us know if you need further assistance.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Sunday, July 22, 2018 11:09 AM
    Moderator