Among the other messages, there will be a message that begins with “SNISecurity Handshake.” Then, there will be a "handshake failed" or "handshake succeeded" message that indicates failure or success.
In the case of a failure, the client and the server could not negotiate the handshake successfully because they shared no common protocols. Because no other information is available about the client yet (the handshake occurs before the logon happens), only the client's IP address is available.
If the handshake succeeded, information about the handshake protocol is available: the cipher, its strength, the hash used, the hash strength, and the client's IP address. Because the handshake was just completed, no information about the client is yet available except its IP address.
Article ID: 3191296 - Last Review: Oct 5, 2017 - Revision: 3