Can I host a TLS handshake event in Tomcat?

Question

Can I host a TLS handshake event in Tomcat?

I am running an application (web service) in Tomcat with TLS enabled (with certificates for both the client and the server).

I want my application to be able to send a control message (logging) when a TLS handshake fails. For example, I want to log in when:

client certificate has expired
client certificate is unknown (not in the server trust store)
any other handshake failure

Is there an event that I can catch and handle to do this?

My application is based on web services and runs on tomcat. Tomcat handles all layers of the network and TLS, and the application does not know about it.

Since I myself do not open the socket, where can I catch this exception?

+7

security ssl tomcat ws-security

Yonatan maman Nov 05 '08 at 20:49

source share

2 answers

user207421 · Answer 1 · 2017-11-16T23:11:01+0000

I do not know anything that can be added to Tomcat.

Put Apache HTTPD in front and use the separate, configured SSL protocol.

Josh · Answer 2 · 2008-11-05T21:00:54+0000

Since I spent the last week debugging the Tomcat SSL configuration, I am sure that you catch javax.net.ssl.SSLHandshakeException in your code and log it, it should take care of all three of these errors.

When you create a new webservice application in your application, that is, when an exception occurs.

Can I host a TLS handshake event in Tomcat?

More articles: