--- dovecot-1.0.7/src/login-common/client-common.c 2007-10-28 02:09:24.000000000 +0200
+++ dovecot-1.0.7-with-cipherlog/src/login-common/client-common.c 2014-10-13 03:11:01.000000000 +0200
@@ -26,6 +26,7 @@
 { 'a', NULL },
 { 'b', NULL },
 { 'c', NULL },
+ { 'k', NULL },
 { '\0', NULL }
 };
 struct var_expand_table *tab;
@@ -50,10 +51,12 @@
 tab[10].value = dec2str(client->remote_port);
 if (!client->tls) {
 tab[11].value = client->secured ? "secured" : NULL;
+ tab[12].value = "";
 } else {
 tab[11].value = client->proxy != NULL && ssl_proxy_is_handshaked(client->proxy) ? "TLS" : "TLS handshake";
+ tab[12].value = ssl_proxy_get_security_string(client->proxy);
 }
 return tab;
--- dovecot-1.0.7/src/login-common/ssl-proxy-openssl.c 2007-10-28 02:09:24.000000000 +0200
+++ dovecot-1.0.7-with-cipherlog/src/login-common/ssl-proxy-openssl.c 2014-10-13 03:12:46.000000000 +0200
@@ -540,6 +540,22 @@
 return proxy->handshaked;
 }
+const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy)
+{
+ SSL_CIPHER *cipher;
+ int bits, alg_bits;
+
+ if (!proxy->handshaked)
+ return "";
+
+ cipher = SSL_get_current_cipher(proxy->ssl);
+ bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
+ return t_strdup_printf("%s with cipher %s (%d/%d bits)",
+ SSL_get_version(proxy->ssl),
+ SSL_CIPHER_get_name(cipher),
+ bits, alg_bits);
+}
+
 void ssl_proxy_free(struct ssl_proxy *proxy)
 {
 ssl_proxy_unref(proxy);
--- dovecot-1.0.7/src/login-common/ssl-proxy.c 2007-10-28 02:09:24.000000000 +0200
+++ dovecot-1.0.7-with-cipherlog/src/login-common/ssl-proxy.c 2014-10-13 03:13:47.000000000 +0200
@@ -31,6 +31,11 @@
 return FALSE;
 }
+const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy)
+{
+ return "";
+}
+
 void ssl_proxy_free(struct ssl_proxy *proxy __attr_unused__) {}
 unsigned int ssl_proxy_get_count(void)
--- dovecot-1.0.7/src/login-common/ssl-proxy.h 2007-10-28 02:09:24.000000000 +0200
+++ dovecot-1.0.7-with-cipherlog/src/login-common/ssl-proxy.h 2014-10-13 03:15:17.000000000 +0200
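Review bot: In the second client-common.c hunk, the new `tab[12].value = ssl_proxy_get_security_string(client->proxy);` passes `client->proxy` without the `client->proxy != NULL` test that the `tab[11]` assignment directly above it applies, and the OpenSSL implementation reads `proxy->handshaked` straight away. If `client->tls` can be set while `proxy` is still NULL, as that existing guard suggests, expanding the log variables would dereference NULL in the login process, which handles connections before authentication. Guard the call with `tab[12].value = client->proxy != NULL ? ssl_proxy_get_security_string(client->proxy) : "";`, or have the function return "" for a NULL proxy. The index 12 also silently depends on `{ 'k', NULL }` staying the thirteenth table entry added in the first hunk, so a short comment tying the two together would help. The enclosing function starts and ends outside the hunk.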
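Review bot: In ssl_proxy_get_security_string() in ssl-proxy-openssl.c, `alg_bits` is printed uninitialised if `SSL_get_current_cipher()` returns NULL, because `SSL_CIPHER_get_bits()` writes it only for a non-NULL cipher. The `handshaked` check probably rules that out in practice, but adding `if (cipher == NULL) return "";` after the lookup removes the dependency on that assumption. Declaring the local as `const SSL_CIPHER *cipher;` would also keep the assignment warning-free on OpenSSL releases where the getter returns a const pointer.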
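Review bot: The stub added to ssl-proxy.c leaves `proxy` unused but omits the `__attr_unused__` marker that the neighbouring `ssl_proxy_free()` stub carries, so builds without SSL support would emit an unused-parameter warning wherever that warning is enabled. Write the signature as `const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy __attr_unused__)` to match.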
@@ -13,6 +13,7 @@
 bool ssl_proxy_has_valid_client_cert(struct ssl_proxy *proxy);
 const char *ssl_proxy_get_peer_name(struct ssl_proxy *proxy);
 bool ssl_proxy_is_handshaked(struct ssl_proxy *proxy);
+const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy);
 void ssl_proxy_free(struct ssl_proxy *proxy);
 /* Return number of active SSL proxies */
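Review bot: The new prototype in ssl-proxy.h is undocumented, and its contract is not obvious from the name. Judging by the two implementations in this patch, it returns "" before the handshake has finished or when built without SSL, and otherwise a string built with `t_strdup_printf()`, which presumably lives only as long as the caller's temporary allocations. A comment in the style of the one below it would cover this, for example `/* Returns "<protocol> with cipher <name> (<bits>/<alg bits> bits)", or "" if not handshaked. Result is a temporary string. */`.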