In order to identify what TLS version our clients are connecting with, I need to log details about the SSL/TLS handshake on a Google Cloud Load Balancer (GKE Ingress).
Logging the TLS/SSL version would be a great first step. I will need to identify which user the request is coming from in a second step.
By default, only the httpRequest is logged but contains no information about the handshake.
httpRequest: {
  latency: "0.077152s"
  remoteIp: "1.2.3.4"
  requestMethod: "POST"
  requestSize: "256988"
  requestUrl: "https://api.foo.bar/v1.0/foo"
  responseSize: "22746"
  serverIp: "1.2.3.4"
  status: 200
  userAgent: "axios/0.20.0"
}
You can add the TLS info via custom headers: https://cloud.google.com/load-balancing/docs/https/custom-headers?authuser=1#variables. You'll need to log these on your own. Please note there is a charge for custom headers.
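
One way to do the "log these on your own" step in the backend, as an added example that is not part of the original answer: a WSGI middleware that records the TLS details forwarded by the load balancer and flags legacy versions. The header names `X-Client-TLS-Version` and `X-Client-TLS-Cipher` are hypothetical and must match the custom request headers you configure; the legacy version strings are assumed values to confirm against the linked documentation.

```python
import json
import logging
from collections import Counter

# Hypothetical header names. Each must be configured on the backend service
# as a custom request header using the load balancer's variables, e.g.
#   X-Client-TLS-Version:{tls_version}
#   X-Client-TLS-Cipher:{tls_cipher_suite}
VERSION_KEY = "HTTP_X_CLIENT_TLS_VERSION"  # WSGI environ form of the header
CIPHER_KEY = "HTTP_X_CLIENT_TLS_CIPHER"
# Assumed value strings for {tls_version}; confirm against the linked docs.
LEGACY_VERSIONS = {"TLSv1", "TLSv1.1"}

log = logging.getLogger("tls_audit")


def tls_record(environ):
    """Build one structured log record from a WSGI environ dict."""
    version = environ.get(VERSION_KEY, "").strip() or "unknown"
    return {
        "tls_version": version,
        "tls_cipher": environ.get(CIPHER_KEY, "").strip() or "unknown",
        "legacy_tls": version in LEGACY_VERSIONS,
        "user_agent": environ.get("HTTP_USER_AGENT", ""),
        "path": environ.get("PATH_INFO", ""),
    }


class TLSAuditMiddleware:
    """Wrap a WSGI app and log the TLS details of every request."""

    def __init__(self, app):
        self.app = app
        self.seen = Counter()  # requests per TLS version since start-up

    def __call__(self, environ, start_response):
        record = tls_record(environ)
        self.seen[record["tls_version"]] += 1
        level = logging.WARNING if record["legacy_tls"] else logging.INFO
        # json.dumps escapes control characters, so a header value cannot
        # inject extra log lines.
        log.log(level, json.dumps(record, sort_keys=True))
        return self.app(environ, start_response)
```

Wrap the application object with `TLSAuditMiddleware(app)`; requests that arrive without the headers are logged with `tls_version` set to `unknown`, which also shows when the custom headers are not yet configured.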