none
Add server variables to capture SSL/TLS protocol

    Question

  • I'm running Windows Server 2012 R2 and I'm trying to configure IIS logging so I can monitor the protocols being used to connect to the server.  I've found some articles on how to set it up but when I try to add the server variables in IIS logging, I don't see CRYPT_PROTOCOL, CRYPT_CIPHER_ALG_ID, CRYPT_HASH_ALG_ID, or
    CRYPT_KEYEXCHANGE_ALG_ID listed as options under the Source field when I select Server Variable as the Source Type.  One article mentioned that the variables were added as part of the KB4025335 update.  I don't have this update installed on the server but when I try to install it, I get a message "The update is not applicable to your computer".  Any ideas on how I can get the protocol variables to show up?
    Tuesday, July 10, 2018 6:52 PM

All replies

  • Hi,

    Thanks for your question.

    Please try the latest update KB4338815 which replaces KB4025335. Furthermore, please check the following thread to see if it helps.

    https://scotthelme.co.uk/hardening-your-http-response-headers/

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Hope this helps. I look forward hearing your good news.

    If you have any question or concern, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, July 11, 2018 5:47 AM
  • Thanks for the info.  I was able to install updateKB4338815 and rebooted but I still don't see the server variables I'm looking for.  Not sure if it matters or not but I'm running Exchange 2013 CU 19 on this server as well.
    Friday, July 13, 2018 1:51 PM