Log TLS version and cipher name on upstream connection from a proxy (nginx or apache2)

I have set up a proxy server which aims to encrypt the outgoing traffic from our application, with https, that it receives in plain http. there were 3 main reasons;

  • We want to offload the main application and it's server from this workload,
  • The main application server os don't support tls1.3
  • We we want to log the tls version and ciphers used in the transaction.

I've tried in both apache2 and nginx. It works just fine with both for the first two tasks (offloading and provide tls1.3). But I'm not able to log tls-information about the upstream transaction. Anyone know how to log this? It is mainly the TLS-version and cipher that are of interest.

here's my apache-config

<VirtualHost *:80>
    LogFormat "%t %>s %b \"%{X-Redirect-Url}i\" \"%{SSL_SERVER_VERSION}x\"" appproxy
    CustomLog "logs/app_access_log" appproxy
    ErrorLog "logs/app_error_log"
    SSLProxyEngine On
    SSLProxyCheckPeerCN on
    SSLProxyCheckPeerExpire on
    SSLProxyMachineCertificateFile application_client_cert.pem
    SSLProxyMachineCertificateChainFile truststore.pem

    RewriteEngine On
    RewriteRule ^(.*)$ %{HTTP:X-Redirect-Url} [NC,P]
    ProxyPass / "https://$1" 
How many English words
do you know?
Test your English vocabulary size, and measure
how many words do you know
Online Test
Powered by Examplum