I'm running an application (web service) in tomcat with TLS enabled (with certificates both for the client and the server).
I want my application to be able to send an audit message (logging) when the TLS handshake fails. For example I want to log when:
- the client certificate is expired,
- the client certificate is unknown (not in the server trust store)
- any other handshake failure
Is there any event that I can catch and handle in order to do that?
– Yonatan
My application is web service based and is running in Tomcat. Tomcat is handling all the network and TLS layers, and the application is not aware of that.
As I don't open any socket myself, where should I catch this exception?
– Yonatan
Since I spent the past week debugging Tomcat's SSL configuration, I am pretty sure catching
javax.net.ssl.SSLHandshakeException
in your code and logging it should take care of all three of those errors. When you instantiate a new webservice connection in your application, that is when the exception will occur.
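The answer above describes the outbound case: the application itself opens a connection to another service, and the handshake exception surfaces at that call. The following is an added illustration of that pattern (not code from the question or the answer): it opens an HTTPS connection with the JDK's HttpsURLConnection, catches javax.net.ssl.SSLHandshakeException, walks the cause chain to classify the failure as "expired", "untrusted issuer" or "other", and writes one audit record. The endpoint, the logger name and the classification labels are assumptions made for the example; the cause-chain layout (CertPathValidatorException wrapping CertificateExpiredException for an expired peer certificate) is the one produced by the JDK's default trust manager, which is why the expiry check is done over the whole chain before the generic path-validation check.

```java
import java.io.IOException;
import java.net.URL;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLHandshakeException;

/** Client-side TLS audit logging example (added illustration, not the poster's code). */
public class TlsAuditClient {

    // Logger name is an assumption; route it to your audit appender.
    private static final Logger AUDIT = Logger.getLogger("tls.audit");

    /** Returns the first exception of the given type in the cause chain, or null. */
    static <T extends Throwable> T findCause(Throwable root, Class<T> type) {
        for (Throwable t = root; t != null; t = t.getCause()) {
            if (type.isInstance(t)) {
                return type.cast(t);
            }
        }
        return null;
    }

    /** Classify a handshake failure into an audit label (labels are assumptions). */
    static String classify(SSLHandshakeException e) {
        // Expiry is checked first: the JDK nests CertificateExpiredException
        // inside a CertPathValidatorException, so the generic check must come last.
        if (findCause(e, CertificateExpiredException.class) != null) {
            return "PEER_CERTIFICATE_EXPIRED";
        }
        if (findCause(e, CertificateNotYetValidException.class) != null) {
            return "PEER_CERTIFICATE_NOT_YET_VALID";
        }
        if (findCause(e, CertPathValidatorException.class) != null) {
            // No trust anchor for the peer's chain in the local trust store.
            return "PEER_CERTIFICATE_UNTRUSTED";
        }
        return "HANDSHAKE_FAILURE_OTHER";
    }

    /** Open an HTTPS connection; emit one audit record if the TLS handshake fails. */
    static int connect(String endpoint) throws IOException {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(endpoint).openConnection();
        try {
            conn.connect();                 // the TLS handshake happens here
            return conn.getResponseCode();
        } catch (SSLHandshakeException e) {
            AUDIT.log(Level.WARNING, "TLS handshake with {0} failed: {1} ({2})",
                      new Object[] { endpoint, classify(e), e.getMessage() });
            throw e;                        // caller still sees the failure
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws IOException {
        // Placeholder endpoint; replace with the real service URL.
        String target = args.length > 0 ? args[0] : "https://service.example.invalid/ws";
        System.out.println("HTTP status: " + connect(target));
    }
}
```

Note that this only observes handshakes the application initiates. Handshakes on Tomcat's own listening connector (the inbound case raised in the comments) are completed or rejected by the connector before any servlet code runs, so they are not delivered to the web application as an exception; those failures have to be captured from the container side, for example through Tomcat's own logging.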