tomcat-users mailing list archives

From Durga Srinivasu Karuturi <durgasriniv...@gmail.com>
Subject Re: Logging TLS Session Failures
Date Thu, 09 Mar 2017 08:34:39 GMT
This is one of the requirements from FIPS/CC certification.

Thanks,
Durga Srinivasu

On Wed, Mar 8, 2017 at 11:03 PM, Christopher Schultz <chris@christopherschultz.net> wrote:

> Durga,
>
> On 3/8/17 10:02 AM, Durga Srinivasu Karuturi wrote:
> > We are using JSSE only, not APR. Looking for handshake failures.
> >
> > Yes, using JSSE SSL debug, we are able to get all handshake
> > (-Djavax.net.debug=ssl:handshake) logs, including success cases.
> > These are still quite expensive logs and are meant for debug
> > purposes. As you said, it might impact performance; that's the
> > reason we are trying for any other optimal solution here.
>
> I know of no way to be notified about handshake failures on the server
> side. You may not be able to fulfill this requirement if using Java
> for your crypto.
>
> Honestly, I'm not sure why you care about failed TLS handshakes. Are
> you trying to implement a NIDS in your application? This is
> better-handled by a network component specifically-designed for this
> kind of thing.
>
> -chris
