Hi All,
I am using tomcat 7 and in our server we support connection only with "TLSv1.2"
and cipher "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256".
Following is the Access valve pattern
"%{E M/d/y @ hh:mm:ss.S a z}t %a (%{X-Forwarded-For}i) > %A:%p
"%r" %{requestBodyLength}r %D %s %B %I "%{Referer}i"
"%{User-Agent}i" %u %{username}s %{sessionTracker}s with TLS protocol
%{org.apache.tomcat.util.net.secure_protocol_version}r and Cipher
%{javax.servlet.request.cipher_suite}r"
and we are able to see following logs for successful connection:
Wed 1/29/2020 @ 04:19:46.6 PM IST <Source-IP> (-) > <Server-IP>:443 "GET
/favicon.ico HTTP/1.1" - 1 404 66, "https://xx.xx.xx.xx/ /html/popCheck.html"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/79.0.3945.130 Safari/537.36" - - - with TLS protocol TLSv1.2 and
Cipher TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
But in case when request is made with ex. SSLv3, TLSv1 or unsupported ciphers,
Server is rejecting the request but no audit message is coming into the access
logs.
How can I get details about these requests with unsupported ciphers and
unsupported SSL protocols?
Regards
Manish
