On 29/01/2020 12:40, Palod, Manish wrote:
> Hi All,
>
> I am using tomcat 7 and in our server we support connection only with 
> "TLSv1.2" and cipher "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256".
>
> Following is the Access valve pattern
> "%{E M/d/y @ hh:mm:ss.S a z}t %a (%{X-Forwarded-For}i) > %A:%p
> "%r" %{requestBodyLength}r %D %s %B %I "%{Referer}i"
> "%{User-Agent}i" %u %{username}s %{sessionTracker}s with TLS 
> protocol %{org.apache.tomcat.util.net.secure_protocol_version}r and Cipher 
> %{javax.servlet.request.cipher_suite}r"
>
> and we are able to see the following logs for a successful connection:
>
> Wed 1/29/2020 @ 04:19:46.6 PM IST <Source-IP> (-) > <Server-IP>:443  "GET 
> /favicon.ico HTTP/1.1" - 1 404 66,  "https://xx.xx.xx.xx/ 
> /html/popCheck.html"  "Mozilla/5.0 (Windows NT 10.0; Win64; x64) 
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36" - 
> - - with TLS protocol TLSv1.2 and Cipher TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>
> But when a request is made with e.g. SSLv3, TLSv1 or unsupported 
> ciphers, the server rejects the request but no audit message appears in 
> the access logs.
>
> How can I get details about these requests with unsupported ciphers and 
> unsupported SSL protocols?

From Tomcat, you can't.

If you upgrade to 8.5.x onwards you will get a 400 in the access logs.
You won't get the protocol or cipher information since that requires a
successful TLS connection before it is populated.

You could enable TLS handshake debugging at the JRE level but that will
probably generate far more data than you want.

Mark
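A defender-side check built on the access log pattern quoted above, added here as an example (it is not code from the thread, from Tomcat, or from either participant). It parses lines in that format, pulls out the status code and the two TLS attributes, and flags two things: entries whose protocol or cipher falls outside the allowlist the original poster described (config drift on a server that is supposed to accept only TLSv1.2 with TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), and entries that carry a status but no TLS details. The second case is the 8.5.x behaviour Mark describes: a failed handshake shows up as a 400 with the protocol and cipher never populated. The sample lines, the IP addresses, and the assumption that the two unpopulated request attributes are rendered as `-` on 8.5.x are all constructed for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Allowlist as stated by the original poster: the server should only ever
# complete a handshake with this protocol and this cipher suite.
ALLOWED_PROTOCOLS = {"TLSv1.2"}
ALLOWED_CIPHERS = {"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}

# Regex for the AccessLogValve pattern quoted in the thread. Only the fields
# needed for the check are captured; everything between the status code and
# the TLS suffix (bytes, thread, referer, user agent, users) is skipped.
# This regex is ours, not Tomcat's.
LINE_RE = re.compile(
    r"^(?P<timestamp>.*?) (?P<client>\S+) \((?P<xff>[^)]*)\) > (?P<local>\S+)\s+"
    r'"(?P<request>[^"]*)" (?P<body_len>\S+) (?P<duration_ms>\S+) (?P<status>\d{3}) '
    r".*? with TLS protocol (?P<protocol>\S+) and Cipher (?P<cipher>\S+)\s*$"
)


@dataclass
class AccessRecord:
    timestamp: str
    client: str
    request: str
    status: int
    protocol: str
    cipher: str


def parse_line(line: str) -> Optional[AccessRecord]:
    """Parse one access log line in the thread's format; None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return AccessRecord(
        timestamp=m["timestamp"],
        client=m["client"],
        request=m["request"],
        status=int(m["status"]),
        protocol=m["protocol"],
        cipher=m["cipher"],
    )


def classify(rec: AccessRecord) -> str:
    """Label a record: ok, policy-violation, or handshake-failed."""
    # Assumption: on 8.5.x a rejected handshake is logged as a 400 with both
    # request attributes unpopulated, which the valve renders as "-".
    if rec.protocol == "-" or rec.cipher == "-":
        return "handshake-failed"
    if rec.protocol not in ALLOWED_PROTOCOLS or rec.cipher not in ALLOWED_CIPHERS:
        # A completed handshake outside the allowlist means the connector's
        # sslProtocol/ciphers configuration no longer matches the policy.
        return "policy-violation"
    return "ok"


def audit(lines: List[str]) -> Dict[str, int]:
    """Count records per classification; unparsable lines are counted separately."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        counts["unparsed" if rec is None else classify(rec)] += 1
    return dict(counts)


# Constructed sample lines (addresses from documentation ranges, not real hosts).
SAMPLE_LINES = [
    # Successful TLSv1.2 connection, modelled on the line quoted in the thread.
    'Wed 1/29/2020 @ 04:19:46.6 PM IST 10.0.0.5 (-) > 203.0.113.10:443  '
    '"GET /favicon.ico HTTP/1.1" - 1 404 66 "https://203.0.113.10/html/popCheck.html" '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64)" - - - '
    'with TLS protocol TLSv1.2 and Cipher TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
    # Assumed 8.5.x rendering of a rejected handshake: 400, no TLS details.
    'Wed 1/29/2020 @ 04:20:01.2 PM IST 198.51.100.7 (-) > 203.0.113.10:443  '
    '"-" - 0 400 0 "-" "-" - - - with TLS protocol - and Cipher -',
    # Completed handshake outside the allowlist: indicates connector config drift.
    'Wed 1/29/2020 @ 04:21:09.8 PM IST 192.0.2.44 (-) > 203.0.113.10:443  '
    '"GET /index.html HTTP/1.1" - 3 200 512 "-" "curl/7.68.0" - - - '
    'with TLS protocol TLSv1 and Cipher TLS_RSA_WITH_AES_128_CBC_SHA',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = parse_line(line)
        print(classify(rec) if rec else "unparsed", rec.client if rec else line[:40])
    print(audit(SAMPLE_LINES))
```

On Tomcat 7 the second kind of line never appears, which is exactly the gap Mark points out; the check still earns its keep there by catching the third kind, and after an upgrade to 8.5.x the `handshake-failed` count gives a per-client view of rejected handshakes without turning on JRE handshake debugging.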
