{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 孤傲高冷的网名 的问题《Is it possible to do a TLS handshake event in Tomc》','https://www.manongdao.com/q-632119.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm running an application (web service) in tomcat with TLS enabled (with certificates both for the client and the server).
I want that my application will be able to send audit message (logging) when TLS handshake fails. For example I want to log when:
- the client certificate is expired,
- the client certificate is unknown (not in the server trust store)
- any other handshake failure
Is there any event that I can catch and handle in order to do that?
My application is web service based and is running in tomcat. Tomcat is handling all network and the TLS layers, and the application does not aware of that.
As I don't open any socket myself, where should I catch this Exception?
Since I spent the past week debugging Tomcat's SSL configuration, I am pretty sure catching
javax.net.ssl.SSLHandshakeExceptionin your code and logging it should take care of all three of those errors.When you instantiate a new webservice connection in your application, that is when the exception will occur.
I'm not aware of anything you can add to Tomcat.
Put an Apache HTTPD in front and use a separate, configured, SSL log.