TLS handshake event in Tomcat, is there something like that ?

views:

345

answers:

+2 Q:

TLS handshake event in Tomcat, is there something like that ?

Hi I'm running an application (web service) in tomcat with TLS enabled (with certificates both for the client and the server).

I want that my application will be able to send audit message (logging) when TLS handshake fails. for example I want to log when:

the client certificate is expired,
the client certificate is unknown (not in the server trust store)
any other handshake failure

is there any event I can catch and handle in order to do that ?

please advice -- Yonatan

Since I spent the past week debugging Tomcat's SSL configuration, I am pretty sure catching javax.net.ssl.SSLHandshakeException in your code and logging it should take care of all three of those errors.

When you instantiate a new webservice connection in your application, that is when the exception will occur.

2008-11-05 21:00:54

my application is web service based and is running in tomcat.Tomcat is handling all the TLS issues, and the application is not aware of that. where should I catch this Exception ?

Yonatan Maman 2008-11-05 21:09:31

my application is the 'server side' (using axis2) it does not initiate anything explicitly

Yonatan Maman 2008-11-06 22:08:19

Josh, I think you may be talking about catching the exception on the client side? Yanatan is asking about the server side.

Kevin Panko 2009-11-16 23:16:21

my application is web service based and is running in tomcat. Tomcat is handling all network and the TLS layers, and the application does not aware of that.

As I don't open any socket myself, where should I catch this Exception ? – Yonatan

Yonatan Maman 2008-11-05 22:30:29

ansaurus

tags:

views:

answers:

TLS handshake event in Tomcat, is there something like that ?

related questions