Tracking TLS Version

dbrgn · September 5, 2019, 7:36pm

Server logs can be configured to include the TLS version and ciphersuite used for the connection.

Does Matomo support tracking this information as part of a request (through the import_logs.py script)? This is useful for example when trying to decide which TLS versions and/or ciphersuites to disable for security reasons. When doing that, it’s relevant to know whether 0.1% or 5% of the users still use that TLS version or ciphersuite.

Manjunath_sonnad · December 3, 2020, 6:22am

Hi Danilo,

Did u get any answers for this?

Thanks,
Manjunath S S

dbrgn · December 3, 2020, 9:19am

No, not yet, unfortunately…

Lukas · December 3, 2020, 10:44am

Hi,

Tracking TLS version in JavaScript sounds impossible as there doesn’t seem to be a way for JavaScript to get this information. The same seems to be true for PHP.

For log analytics it might be possible if your log contains the information.

You would need to modify the script a bit, so that it reads the data and e.g. sets a custom dimension, but that should be possible:

dbrgn · December 3, 2020, 5:12pm

Yes, this question was mostly about log analytics. I’m not aware of an API that would allow gathering this information via JS.

Thanks @Lukas for your reply. I might look into this sometime if I find time to do so!

peterbo · December 3, 2020, 6:43pm

Should be quite easy to do with log analytics. You’ll have to extend the script a bit to a) get the value from the provided log format and b) inject the value to a custom dimension (a visit scope CD should be enough, because a visitor mostly doesn’t change TLS version while on page)

mctunes · June 24, 2022, 7:15pm

Hi Danilo,

Apologies for resurrecting an old thread, but I just wanted to ask if you ever got anywhere with implementing the changes needed to read and store the various fields related to TLS? I’ve added four fields (crypt-protocol, crypt-cipher, crypt-hash, crypt-keyexchange), and would love to be able to visualize this information in Matomo.

Sadly, I’m no Python programmer, so wouldn’t know where to start dissecting the import_logs.py script

Many thanks in advance!
Mike.

dbrgn · June 25, 2022, 2:03pm

Hi Mike. Sorry, no, I have since switched from self-hosted Matomo to self-hosted Plausible. It has less features (and doesn’t give me TLS information either), but it’s much simpler to set up and keep up to date

mctunes · June 27, 2022, 8:35pm

Many thanks for replying, Danilo

heurteph-ei · August 3, 2022, 12:12pm

@peterbo, maybe you could update the matomo-log-analytics plugin description page to display an example of tls extraction into custom dimension?

mctunes · April 24, 2023, 9:47pm

@peterbo, maybe you could update the matomo-log-analytics plugin description page to display an example of tls extraction into custom dimension?

This would be incredibly useful!

heurteph-ei · April 28, 2023, 2:39pm

Hi @mctunes
I invite you to create maybe a GitHub ticket in the matomo-log-analytics repo to ask for a TLS template: