https://fedorahosted.org/389/ticket/47945

https://fedorahosted.org/389/attachment/ticket/47945/0001-Ticket-47945-Add-SSL-TLS-version-info-to-the-access-.5.patch
git patch file (master) -- applied the change in comment:11 by Rich. Thank you!!

Once approved, I'm going to attach the code slapi_getSSLVersion_str to this bug...
Bug 1161807 - [RFE] API to convert SSL version number to SSL version string

--noriko

On 11/10/2014 01:10 PM, 389 Project wrote:

#47945: Add SSL/TLS version info to the access log
-------------------------------------------------+-------------------------
        Reporter:  nhosoi                        |          Owner:  nhosoi
            Type:  defect                        |         Status:
        Priority:  major                         |  accepted
       Component:  Directory Server              |      Milestone:  1.3.3
      Resolution:                                |  backlog
      Blocked By:                                |        Version:  1.3.0
          Review:  review?                       |       Keywords:
Red Hat Bugzilla:                                |       Blocking:
  [https://bugzilla.redhat.com/show_bug.cgi?id=1153737|  Ticket origin:
  1153737]                                       |  Community
-------------------------------------------------+-------------------------

Comment (by rmeggins):

 Thanks.  Almost there
 {{{
     if ((vnum & SSL_LIBRARY_VERSION_3_0) == SSL_LIBRARY_VERSION_3_0) {
     ...
 }}}
 This will only work for TLSv1.x.  I would like to see support for TLSv2.x
 and later, something like this:
 {{{
     if (vnum >= SSL_LIBRARY_VERSION_3_0) {
         if (vnum == SSL_LIBRARY_VERSION_3_0) { /* SSL3 */
             if (buf && bufsize) {
                 PR_snprintf(buf, bufsize, "SSL3");
             } else {
                 vstr = slapi_ch_smprintf("SSL3");
             }
         } else { /* TLS v X.Y */
             const char *TLSFMT = "TLS%d.%d";
             int minor_offset = 0; /* e.g. 0x0401 -> TLS v 2.1, not 2.0 */

             if ((vnum & SSL_LIBRARY_VERSION_3_0) ==
 SSL_LIBRARY_VERSION_3_0) {
                 minor_offset = 1; /* e.g. 0x0301 -> TLS v 1.0, not 1.1 */
             }
             if (buf && bufsize) {
                 PR_snprintf(buf, bufsize, TLSFMT, (vnum >> 8) - 2, (vnum &
 0xff) - minor_offset);
             } else {
                 vstr = slapi_ch_smprintf(TLSFMT, (vnum >> 8) - 2, (vnum &
 0xff) - minor_offset);
             }
         }
     } else { /* SSL2 or unknown */
         ...
     }
 }}}
 That way, if vnum > SSL_LIBRARY_VERSION_3_0 (e.g. vnum == 0x0400 e.g. TLS
 v2.0) our code will support it with no changes.