This policy script significantly extends the details that are logged about SSL/TLS handshakes. I am a bit tempted to just make this part of the default log - but it does add a bunch of logging overhead for each connection.