One of our customers asks if we can detect which encryption has been used (SSL3/TLS1.0/TLS1.1, etc.).
They would like to see this because of the POODLE SSLv3 Vulnerability and be able to report on it.
As far as I know, there is no automatic way of getting insight into what version of SSL is being used.
However, in RCON there are a number of things you could pursue, such as turning on the logging of all SSL: SHOW SSLDECR LOGLEVEL
I don't have an SSL log at hand so I'm not 100% sure of what will be listed in there, but it's a start. There are also some other things you could look into by using the fantastic RCON GUI: SSL-Related rcon Commands
Use the rcmd show ssldecr status command. The usage is:
SHOW SSLDECR STATUS HELP - display this help message
SHOW SSLDECR STATUS - show aggregated information about SSL decryption status
SHOW SSLDECR STATUS * - show general information about SSL decryption status for all servers
SHOW SSLDECR STATUS ip_addr - show general information about SSL decryption status filtered by IP address
SHOW SSLDECR STATUS ip_addr port - show general information about SSL decryption status for one IP address and port number
The output should be similar to:
SSL protocol version breakdown per number of sessions:
supported versions: ssl3.0=1003270 tls1.0=1351368 tls1.1=9287 tls1.2=39268
unsupported versions: ssl2.0=34 other versions=0 no version info=2490279
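
Added example, not part of the thread or of the product: a small Python parser for the breakdown lines quoted above, reporting the SSL 3.0 and SSL 2.0 session counts and their share of the sessions whose version was identified. It assumes the command output has been saved as text in exactly the format shown above; the function names are hypothetical.

```python
import re

# Constructed sample: the breakdown lines quoted in the thread above.
SAMPLE = """\
SSL protocol version breakdown per number of sessions:
supported versions: ssl3.0=1003270 tls1.0=1351368 tls1.1=9287 tls1.2=39268
unsupported versions: ssl2.0=34 other versions=0 no version info=2490279
"""

# Versions to report on: SSL 3.0 is the one POODLE concerns, SSL 2.0 is older still.
LEGACY = ("ssl2.0", "ssl3.0")

# Labels can contain spaces ("no version info"), so match lazily up to '='.
PAIR = re.compile(r"\s*([A-Za-z][A-Za-z0-9. ]*?)=(\d+)")


def parse_breakdown(text):
    """Return {label: session_count} from the '... versions:' lines."""
    counts = {}
    for line in text.splitlines():
        head, sep, rest = line.partition(":")
        # Skip the title line and anything that is not a counter line.
        if not sep or not head.strip().endswith("versions"):
            continue
        for label, value in PAIR.findall(rest):
            counts[label.strip()] = int(value)
    return counts


def legacy_report(counts):
    """Return ({version: (sessions, percent)}, sessions_without_version)."""
    # Sessions with no version info cannot be classified, so they are left
    # out of the denominator and returned separately.
    unknown = counts.get("no version info", 0)
    identified = sum(counts.values()) - unknown
    report = {}
    for version in LEGACY:
        n = counts.get(version, 0)
        share = 100.0 * n / identified if identified else 0.0
        report[version] = (n, round(share, 2))
    return report, unknown


if __name__ == "__main__":
    report, unknown = legacy_report(parse_breakdown(SAMPLE))
    for version, (n, pct) in report.items():
        print(f"{version}: {n} sessions ({pct}% of identified sessions)")
    print(f"sessions without version info: {unknown}")
```

The percentages cover only sessions with a known version, so a large "no version info" count should be reported alongside them.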