From 7336f1acce88a48b0c9ddbf1371f0621eae7cf35 Mon Sep 17 00:00:00 2001
From: Jacob Hoffman-Andrews <jsha+github@letsencrypt.org>
Date: Mon, 21 Mar 2022 14:01:52 -0700
Subject: [PATCH] wfe: Log TLS version (#6001)

This will help inform deprecation of TLS 1.0 and TLS 1.1 for ACME API requests.
---
 web/context.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/web/context.go b/web/context.go
index 43b1f2b0e..71123f205 100644
--- a/web/context.go
+++ b/web/context.go
@@ -27,6 +27,7 @@ type RequestEvent struct {
 	Code      int     `json:"-"`
 	Latency   float64 `json:"-"`
 	RealIP    string  `json:"-"`
+	TLS       string  `json:",omitempty"`
 
 	Slug           string   `json:",omitempty"`
 	InternalErrors []string `json:",omitempty"`
@@ -100,6 +101,7 @@ func (th *TopHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	logEvent := &RequestEvent{
 		RealIP:    realIP,
 		Method:    r.Method,
+		TLS:       r.Header.Get("TLS-Version"),
 		UserAgent: r.Header.Get("User-Agent"),
 		Origin:    r.Header.Get("Origin"),
 		Extra:     make(map[string]interface{}),