tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Durga Srinivasu Karuturi <durgasriniv...@gmail.com>
Subject Re: Logging TLS Session Failures
Date Wed, 08 Mar 2017 15:02:24 GMT
Chris,

We are using JSSE only not APR. Looking for handshake failures.

Yes, using JSSE SSL debug, we are able to get all handshake
(-Djavax.net.debug=ssl:handshake) logs including success cases. These are
still quite bit expense logs and meant for debug purposes. As you said it
might impact performance that's the reason, trying for any other optimal
solution here.


Thanks,
Durga Srinivasu

On Wed, Mar 8, 2017 at 8:10 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Durga,
>
> On 3/8/17 9:29 AM, Durga Srinivasu Karuturi wrote:
> > We have a requirement in our application to log all TLS session
> > failures.
>
> Specifically, what kind of failures? Failed handshakes? Initial or
> re-negotiation? Are you using JSSE or APR? If JSSE, are you using the
> OpenSSL crypto-backend?
>
> > We are using Tomcat 8.5.11 using JSSE for SSL layer. Is there any
> > way to configure tomcat to log/trace any TLS Failure on tomcat
> > sessions?
>
> Not at the moment. If you are using JSSE with the Oracle crypto
> backend, you can put it into debug mode, but you don't want to do
> that; it will produce so much output it will measurably slow-down your
> server.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJYwBfWAAoJEBzwKT+lPKRYPDMP/06EccSRlV9KGNtQ2167Plsw
> PNefVfp4qcSHlsT8xBe2pWDU52ybLqOugBKGtTxa/ZGHDo1aMJCR+HZJqNspujdl
> Qe/7GVFKlzu6d8ucBJ/VgjM/sU+dLQnYW7sLJpfiM7gtOD3zcRYH1BN7iTW1Ij6e
> JYFrqvP6TJpdHtJgQ9n8AXB/+iUzqF6sigJPYFe6HNM4oAiuU6M8AzhNwtNM2AUN
> fnE2OyB+0FNcnwizLqhZ9+RJZeMIbb8wsyUJiOGkqyTBFcYrsPx5VR6A29+u+3R1
> FKES8jgzDAqlztdG2kZK8EmUrJokRT9aDoDKYbuSWW/+QujDDpl76pLdSaTR/eVB
> RuJSRwkyV3VA68Wg6FBGFNNCmV/1t2Yii3dLxa1aLph6TipIyEo16nyDr7yf5HPZ
> hKyfoeyIMVvreN0ldjwNlsKvlHHDheun5l02/h7hE934UYb+9KyfY1vhWuzfNcKu
> QgG8oExdi91GfjAR9vApTuVm5fAra07oqNzlXhFrx3dbYWrJamTL6uymlvxoHhhL
> KkVz6F68sMR0AqDV2+tgcKOxV7GWl+kQueMo7csBZ54kNaNN/Qcw2tRyG4iz0mNk
> ihRG5REvbqTGfN+TQzoeYLdysdU7n1R/tfxb4dHeqP6x8FMOTwz/yRdYywUsX+9e
> 83XGxnDX3Ps0mW9xA8Ab
> =H9l5
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message