hi there,

recently I turned on the SSL_PROTOCOL & SSL_CIPHER on one of our
web server to gather some statistics on the SSL protocol & ciphers
being used.

most of the entries have SSLv3, TLSv1, some SSLv2s here and there
and then there are these entries with only a "-" & "-" in place where
the SSL_PROTOCOL & SSL_CIPHER should be.

for eg:

XX.XX.83.98 - - [XX/XX/2007:13:31:27 -0500] SSLv3 RC4-MD5 "GET XX
HTTP/1.0" 404 363 "XX" "XX"
XX.XX.83.98 - - [XX/XX/2007:13:31:51 -0500] - - "GET /" 400 596 "-" "-"
XX.XX.83.98 - - [XX/XX/2007:13:32:21 -0500] - - "GET /" 400 596 "-" "-"

my question is what does the "-" & "-" represent in the
SSL_PROTOCOL & SSL_CIPHER fields respectively.

I searched the posting archives, the FAQs & a look at the
documentation, but am not able to find anything related.

any help or information would be much appreciated.

thanks,

- Shiva
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org

------=_Part_345_31530439.1197628936747
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Dec 6, 2007 7:26 PM, Shiva Subramanian <shiva [at] subbu.us> wrote:

> hi there,
>
> recently I turned on the SSL_PROTOCOL & SSL_CIPHER on one of our
> web server to gather some statistics on the SSL protocol & ciphers
> being used.
>
> most of the entries have SSLv3, TLSv1, some SSLv2s here and there
> and then there are these entries with only a "-" & "-" in place where
> the SSL_PROTOCOL & SSL_CIPHER should be.
>
> for eg:
>
> XX.XX.83.98 - - [XX/XX/2007:13:31:27 -0500] SSLv3 RC4-MD5 "GET XX
> HTTP/1.0" 404 363 "XX" "XX"
> XX.XX.83.98 - - [XX/XX/2007:13:31:51 -0500] - - "GET /" 400 596 "-" "-"
> XX.XX.83.98 - - [XX/XX/2007:13:32:21 -0500] - - "GET /" 400 596 "-" "-"
>
> my question is what does the "-" & "-" represent in the
> SSL_PROTOCOL & SSL_CIPHER fields respectively.
>

The hypen just represents a null variable. In this case, no SSL session was
present.

The request in the above example returned status code 400 for Bad Request.
You can reproduce it by issuing a plain HTTP "GET /" to an HTTPS host.

Regards,

------=_Part_345_31530439.1197628936747
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Dec 6, 2007 7:26 PM, Shiva Subramanian <shiva [at] subbu.us> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
hi there,<br><br>   recently I turned on the SSL_PROTOCOL & SSL_CIPHER on one of our<br>web server to gather some statistics on the SSL protocol & ciphers<br>being used.<br><br>   most of the entries have SSLv3, TLSv1, some SSLv2s here and there
<br>and then there are these entries with only a "-" & "-" in place where<br>the SSL_PROTOCOL & SSL_CIPHER should be.<br><br>for eg:<br><br>XX.XX.83.98 - - [XX/XX/2007:13:31:27 -0500] SSLv3 RC4-MD5  "GET XX
<br>HTTP/1.0" 404 363 "XX" "XX"<br>XX.XX.83.98 - - [XX/XX/2007:13:31:51 -0500] - -  "GET /" 400 596 "-" "-"<br>XX.XX.83.98 - - [XX/XX/2007:13:32:21 -0500] - -  "GET /" 400 596 "-" "-"
<br><br>   my question is what does the "-" & "-" represent in the<br>SSL_PROTOCOL & SSL_CIPHER fields respectively.<br></blockquote></div><br>The hypen just represents a null variable. In this case, no SSL session was present.
<br><br>The request in the above example returned status code 400 for Bad Request. You can reproduce it by issuing a plain HTTP "GET /" to an HTTPS host.<br><br>Regards,<br>

------=_Part_345_31530439.1197628936747--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org