$ssl_sigalg

The $ssl_sigalg variable returns the signature algorithm used in the SSL handshake of a secure connection. — NGINX Core (HTTP)


Description

The $ssl_sigalg variable is set during the SSL handshake, when a client establishes a secure connection with an NGINX server. It records the signature algorithm used in that exchange, which is useful for auditing, logging, and conditional configuration based on the security parameters negotiated for the connection.

Typical values for $ssl_sigalg can include various cryptographic algorithms used in SSL/TLS communication, such as `SHA256 with RSA Encryption`, `SHA1`, or even `ECDSA` signatures, among others, depending on the server's SSL configuration and the client's supported protocols. As SSL/TLS protocols evolve, the available algorithms and their representations may change, and the values returned by this variable change with them.

The variable is generally used where handling depends on the strength of the signature algorithm, which lets server administrators enforce security policies. It applies to SSL-enabled virtual servers, where it can be tested in conditional expressions in directives like `if` or written to log formats for monitoring. This gives operators visibility into, and control over, the signature algorithms used by clients connecting to their services.

Config Example

```nginx
log_format custom_format '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$ssl_sigalg"';

access_log /var/log/nginx/access.log custom_format;
```
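To audit what clients actually negotiate, the access log written with `custom_format` can be parsed and each request classified by its logged `$ssl_sigalg`. The script below is an added example, not part of the NGINX documentation: the sample log lines are constructed, their signature-algorithm values are the ones this page lists, and treating any value that mentions SHA-1 as weak is an assumed policy. NGINX writes an empty variable to the access log as `-`, which is how plain-HTTP requests appear.

```python
import re
from collections import Counter

# Mirrors the page's custom_format; the last quoted field is $ssl_sigalg.
LINE_RE = re.compile(
    r'^(?P<addr>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)" "(?P<sigalg>[^"]*)"$'
)

# Assumed policy: any value that mentions SHA-1 is weak. Adjust to the
# values your NGINX/OpenSSL build actually logs.
WEAK_RE = re.compile(r'sha-?1(?!\d)', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, made-up requests).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2025:10:15:01 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.5.0" "SHA256 with RSA Encryption"',
    '198.51.100.7 - - [12/Mar/2025:10:15:02 +0000] "GET /login HTTP/1.1" 200 1024 "-" "legacy-client/1.0" "SHA1"',
    '203.0.113.5 - - [12/Mar/2025:10:15:03 +0000] "GET /api HTTP/2.0" 200 87 "-" "Mozilla/5.0" "ECDSA"',
    '192.0.2.44 - - [12/Mar/2025:10:15:04 +0000] "GET /health HTTP/1.1" 200 2 "-" "probe/1.0" "-"',
]

def classify(line):
    """Return (client address, sigalg, verdict) for one access-log line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return (None, None, "unparsed")
    sigalg = m.group("sigalg")
    if sigalg in ("", "-"):
        # Empty variable: the request did not arrive over SSL/TLS.
        return (m.group("addr"), "", "no-tls")
    verdict = "weak" if WEAK_RE.search(sigalg) else "ok"
    return (m.group("addr"), sigalg, verdict)

def summarize(lines):
    """Count verdicts across a batch of log lines."""
    return Counter(classify(line)[2] for line in lines)

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        addr, sigalg, verdict = classify(entry)
        if verdict != "ok":
            print(f"{verdict:8} {addr} sigalg={sigalg!r}")
    print(dict(summarize(SAMPLE_LOG)))
```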

Subsystem

http

Cacheable

Yes

Contexts

http, server, location, if

Ensure SSL is enabled and configured correctly; otherwise the variable will not be set or accessible.

The value of $ssl_sigalg is available only in contexts where SSL is negotiated; it will not yield any output on plain HTTP connections.