We are using the Istio ingress gateway with AKS and would like to know how I could get logs showing which ciphers are being used by clients. I want logs on the server side. Security tests have detected some weak ciphers and want to see if they are being used. Below is the list of weak ciphers:
In particular, see %DOWNSTREAM_TLS_CIPHER% and co. Istio documents configuring the log format here: Istio / Envoy Access Logs
You could enable this, make sure your log format is JSON, and then just scrape the logs as they come in, thereby building a list of unique, used ciphers over a time period.
Now, I see that Istio doesn’t document this option. That could either be because the docs are out of date, or that it was newly added to Envoy. I’m not sure offhand, but if you dig further I’m sure you can find out.
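The log-scraping step suggested above, as an added example that is not part of the original thread: it tallies negotiated ciphers from JSON access-log lines and reports which entries on a watch list were actually used. The JSON key names, the sample log lines and the watch list are constructed assumptions; use whatever keys you mapped to `%DOWNSTREAM_TLS_CIPHER%` (and a TLS version field, if you log one) in your own log format.

```python
import json
from collections import Counter

# Assumed key names: whatever the operator mapped to %DOWNSTREAM_TLS_CIPHER%
# and to a TLS version field in the JSON access log format.
CIPHER_KEY = "downstream_tls_cipher"
VERSION_KEY = "downstream_tls_version"

# Constructed sample lines, including one non-JSON line and one non-TLS request.
SAMPLE_LOG = """\
{"authority":"app.example.test","downstream_tls_cipher":"ECDHE-RSA-AES128-GCM-SHA256","downstream_tls_version":"TLSv1.2"}
{"authority":"app.example.test","downstream_tls_cipher":"TLS_AES_256_GCM_SHA384","downstream_tls_version":"TLSv1.3"}
{"authority":"app.example.test","downstream_tls_cipher":"ECDHE-RSA-AES128-SHA","downstream_tls_version":"TLSv1.2"}
{"authority":"app.example.test","downstream_tls_cipher":"ECDHE-RSA-AES128-GCM-SHA256","downstream_tls_version":"TLSv1.2"}
2024-01-01T00:00:00Z info proxy startup message, not an access log entry
{"authority":"app.example.test","downstream_tls_cipher":null,"downstream_tls_version":null}
{"authority":"app.example.test","downstream_tls_cipher":"ECDHE-RSA-AES128-SHA","downstream_tls_version":"TLSv1.2"}
"""

def tally_ciphers(lines, cipher_key=CIPHER_KEY, version_key=VERSION_KEY):
    """Count (tls_version, cipher) pairs; return (Counter, skipped_line_count)."""
    counts, skipped = Counter(), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1          # proxy diagnostics mixed into the same stream
            continue
        if not isinstance(record, dict):
            skipped += 1
            continue
        cipher = record.get(cipher_key)
        if cipher in (None, "", "-"):
            continue              # no TLS on this connection, nothing to count
        counts[(record.get(version_key) or "unknown", cipher)] += 1
    return counts, skipped

def flag_watched(counts, watch_list):
    """Return only the tallied entries whose cipher is on the watch list."""
    watched = {name.upper() for name in watch_list}
    return {key: n for key, n in counts.items() if key[1].upper() in watched}

if __name__ == "__main__":
    counts, skipped = tally_ciphers(SAMPLE_LOG.splitlines())
    # Constructed watch list; replace with the ciphers your security test reported.
    hits = flag_watched(counts, ["ECDHE-RSA-AES128-SHA", "AES256-SHA"])
    for (version, cipher), n in counts.most_common():
        mark = "  <-- on watch list" if (version, cipher) in hits else ""
        print(f"{n:6d}  {version:8s} {cipher}{mark}")
    print(f"skipped {skipped} non-JSON line(s)")
```

A watch-list cipher with a zero count over a representative period is a candidate for removal from the gateway's cipher configuration; one with hits tells you which TLS version those clients negotiated.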