diff --git a/CHANGELOG.md b/CHANGELOG.md index fb6eb9a9..a3a99fc1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ * Review: Apache reverse proxy config example * Add: on-the-fly link activation and default content adjustment in case of bundled InfCloud (tested with 0.13.1) * Adjust: [auth] imap: use AUTHENTICATE PLAIN instead of LOGIN towards remote IMAP server +* Improve: log client IP on SSL error and SSL protocol+cipher if successful ## 3.4.1 * Add: option [auth] dovecot_connection_type / dovecot_host / dovecot_port diff --git a/radicale/app/__init__.py b/radicale/app/__init__.py index 4e8e688b..f5cfc1aa 100644 --- a/radicale/app/__init__.py +++ b/radicale/app/__init__.py @@ -150,6 +150,7 @@ class Application(ApplicationPartDelete, ApplicationPartHead, time_begin = datetime.datetime.now() request_method = environ["REQUEST_METHOD"].upper() unsafe_path = environ.get("PATH_INFO", "") + https = environ.get("HTTPS", "") """Manage a request.""" def response(status: int, headers: types.WSGIResponseHeaders, @@ -210,9 +211,13 @@ class Application(ApplicationPartDelete, ApplicationPartHead, depthinfo = "" if environ.get("HTTP_DEPTH"): depthinfo = " with depth %r" % environ["HTTP_DEPTH"] - logger.info("%s request for %r%s received from %s%s", + if https: + https_info = " " + environ.get("SSL_PROTOCOL", "") + " " + environ.get("SSL_CIPHER", "") + else: + https_info = "" + logger.info("%s request for %r%s received from %s%s%s", request_method, unsafe_path, depthinfo, - remote_host, remote_useragent) + remote_host, remote_useragent, https_info) if self._request_header_on_debug: logger.debug("Request header:\n%s", pprint.pformat(self._scrub_headers(environ))) diff --git a/radicale/server.py b/radicale/server.py index fa43a711..ed6d73a3 100644 --- a/radicale/server.py +++ b/radicale/server.py 
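Review bot: The new `https` value is only ever tested for truthiness (`if https:` in the logging hunk of this file), so any non-empty string counts as TLS, including `off` or `0` if a front-end WSGI server passes the variable that way. The built-in server in this commit only sets `"on"`, but the environ can presumably also be supplied by another WSGI container. An explicit comparison avoids logging TLS details for a plain-HTTP request: `https = environ.get("HTTPS", "").lower() in ("on", "1")`. The enclosing request handler starts and ends outside the hunk.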
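Review bot: The protocol and cipher are appended unlabelled directly after `remote_useragent`, which is presumably built from the client-supplied User-Agent header, so someone reading or parsing the log cannot reliably tell where client-controlled text ends and the server-observed TLS values begin. When `HTTPS` is set but `SSL_PROTOCOL` and `SSL_CIPHER` are missing, the message also ends in two stray spaces. A labelled suffix keeps the fields unambiguous for anyone auditing the log for weak protocol versions: `https_info = " using SSL protocol %r cipher %r" % (environ.get("SSL_PROTOCOL", ""), environ.get("SSL_CIPHER", ""))`. The enclosing function continues outside the hunk.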
@@ -3,7 +3,7 @@
 # Copyright © 2008 Pascal Halter
 # Copyright © 2008-2017 Guillaume Ayoub
 # Copyright © 2017-2023 Unrud
-# Copyright © 2024-2024 Peter Bieringer
+# Copyright © 2024-2025 Peter Bieringer
 #
 # This library is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -262,6 +262,9 @@ class RequestHandler(wsgiref.simple_server.WSGIRequestHandler):
 def get_environ(self) -> Dict[str, Any]:
 env = super().get_environ()
 if isinstance(self.connection, ssl.SSLSocket):
+ env["HTTPS"] = "on"
+ env["SSL_CIPHER"] = self.request.cipher()[0]
+ env["SSL_PROTOCOL"] = self.request.version()
 # The certificate can be evaluated by the auth module
 env["REMOTE_CERTIFICATE"] = self.connection.getpeercert()
 # Parent class only tries latin1 encoding
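Review bot: `self.request.cipher()[0]` and `self.request.version()` are stored without a None check, and both `SSLSocket.cipher()` and `SSLSocket.version()` return None when no secure connection has been established. If that state can still occur when get_environ() runs, the first raises TypeError on the index and the second puts None into the environ, where the `" " + environ.get("SSL_PROTOCOL", "")` concatenation added in radicale/app/__init__.py would fail as well. The surrounding lines use `self.connection`, so the new ones could do the same and default to an empty string: `cipher = self.connection.cipher()`, `env["SSL_CIPHER"] = cipher[0] if cipher else ""`, `env["SSL_PROTOCOL"] = self.connection.version() or ""`. get_environ continues past the end of the hunk.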