2015-07-25
Everything that does TLS should log the SSL parameters used
Every server and client that makes SSL connections should have an option to log the protocols and ciphers that actually get used.
Having logs of SSL protocols/ciphers in use by your actual users is vital to answering the question of 'can we safely disable <X> now?'
As we've seen repeatedly, every so often there are problems uncovered with TLS ciphers, key exchange protocols, and related things. That's certainly been the pattern in the past and a realistic sysadmin has to conclude that it's going to happen again in the future too. When the next one of these appears, one of the things you often want to do is disable what is now a weak part of TLS; for instance, these days you really want to get away from using RC4 based ciphers. But unless you have a very homogenous environment, there's always an important question mark about whether any of your users is unlucky enough to be using something that (only) supports the weak part of TLS that you're about to turn off.
That's the large part of what logging TLS key exchange and cipher choice is important for. If you have such logs, you can say more or less right away 'no one seems to actually need RC4' or 'no one needs SSLv3' or the like, and you can turn it off with confidence. You can also proactively assess your usage of TLS elements that are considered deprecated or not the best ideas but aren't actually outright vulnerable (yet). If usage of problematic elements is low or nonexistent, you're in a position to preemptively disable them.
The other part of logging TLS connection information is that it lets you assess what level of security your users are actually negotiating and what the popular options are. For example, could you tell right now how many of your users are protected by TLS forward security? How widespread is support for and use of elliptic curve cryptography as opposed to older key exchange protocols? And so on and so forth.
(This can also let you assess something about the age of client software and its TLS code, since only new software is likely to be using the latest ciphers and so on. And ancient cipher choices are a good sign of old client software.)
Client logging for things like outgoing SMTP mail delivery with TLS is also important because it tells you something about how picky you can be. If you drop usage of RC4, for example, are you going to be unable to negotiate TLS with some mail servers you deliver mail to regularly, or will you be basically unaffected? How many MTAs do you try to deliver to that have too-small Diffie-Hellman parameters? There are tradeoffs here, but again having information about actual usage is important for making sensible decisions.