Mark,

On 1/29/20 7:56 AM, Mark Thomas wrote:
> On 29/01/2020 12:40, Palod, Manish wrote:
>> Hi All,
>>
>> I am using Tomcat 7, and on our server we support connections only
>> with "TLSv1.2" and cipher "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256".
>>
>> Following is the Access valve pattern:
>>
>> "%{E M/d/y @ hh:mm:ss.S a z}t %a (%{X-Forwarded-For}i) > %A:%p "%r"
>> %{requestBodyLength}r %D %s %B %I "%{Referer}i" "%{User-Agent}i"
>> %u %{username}s %{sessionTracker}s with TLS protocol
>> %{org.apache.tomcat.util.net.secure_protocol_version}r and Cipher
>> %{javax.servlet.request.cipher_suite}r"
>>
>> and we are able to see the following logs for a successful connection:
>>
>> Wed 1/29/2020 @ 04:19:46.6 PM IST <Source-IP> (-) > <Server-IP>:443
>> "GET /favicon.ico HTTP/1.1" - 1 404 66, "https://xx.xx.xx.xx/ /html/popCheck.html"
>> "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
>> Chrome/79.0.3945.130 Safari/537.36" - - - with TLS protocol TLSv1.2
>> and Cipher TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>>
>> But when a request is made with e.g. SSLv3, TLSv1 or unsupported
>> ciphers, the server is rejecting the request but no audit message is
>> coming into the access logs.
>>
>> How can I get details about these requests with unsupported ciphers
>> and unsupported SSL protocols?
>
> From Tomcat, you can't.
>
> If you upgrade to 8.5.x onwards you will get a 400 in the access logs.
> You won't get the protocol or cipher information since that requires a
> successful TLS connection before it is populated.

IIRC, we are parsing a little of the initial handshake packet for a few
things. Would it be possible to snatch the protocol version from there and
report it in the log file? The cipher suite of course is never going to
exist because there was no overlap between the client and the server, but
the protocol always has a single value for a handshake attempt.
-chris
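To make the suggestion in Chris's reply concrete, here is an added example (not Tomcat code, and not code from anyone on this thread) that pulls the version and offered cipher suites straight out of the first handshake record of a connection and decides, against the server policy Manish described (TLSv1.2 only, a single ECDHE-RSA-AES128-GCM suite), whether the handshake will fail and why. The record layout is the standard ClientHello from RFC 5246 plus the supported_versions extension from RFC 8446; the three ClientHello messages fed into it are constructed in the block itself, and the function names and the dictionary fields are this example's own choices.

```python
"""Pull the protocol version and offered cipher suites out of a raw TLS
ClientHello so that a handshake the server will reject can still be audited.
Added example, not Tomcat code. Layout per RFC 5246 section 7.4.1.2 and the
supported_versions extension (type 0x002b) from RFC 8446."""
import struct

VERSION_NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1",
                 0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
# IANA cipher suite ids, only the ones used in this example.
CIPHER_NAMES = {0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
                0x0005: "TLS_RSA_WITH_RC4_128_SHA"}
SUPPORTED_VERSIONS_EXT = 0x002B


def _u16(buf, pos):
    """Big-endian uint16 at pos, or ValueError if the buffer is too short."""
    if pos + 2 > len(buf):
        raise ValueError("truncated ClientHello")
    return struct.unpack("!H", buf[pos:pos + 2])[0]


def parse_client_hello(record):
    """Return client_version, supported_versions (None when the extension is
    absent) and the offered cipher suite ids from one handshake record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if len(hello) < 35:
        raise ValueError("truncated ClientHello")
    client_version = _u16(hello, 0)
    pos = 34 + 1 + hello[34]              # skip version, random, session id
    cs_len = _u16(hello, pos); pos += 2
    ciphers = [_u16(hello, i) for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    if pos >= len(hello):
        raise ValueError("truncated ClientHello")
    pos += 1 + hello[pos]                 # compression methods
    supported = None
    if pos < len(hello):                  # extensions block present
        end = pos + 2 + _u16(hello, pos); pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = _u16(hello, pos), _u16(hello, pos + 2)
            body = hello[pos + 4:pos + 4 + ext_len]; pos += 4 + ext_len
            if ext_type == SUPPORTED_VERSIONS_EXT and body:
                supported = [_u16(body, i) for i in range(1, 1 + body[0], 2)]
    return {"client_version": client_version, "supported_versions": supported,
            "cipher_suites": ciphers}


def audit_handshake(record, server_versions, server_ciphers):
    """Decide from the ClientHello alone whether this server configuration
    rejects the handshake, and produce the fields an access log could carry."""
    info = parse_client_hello(record)
    if info["supported_versions"] is not None:   # TLS 1.3-style explicit list
        known = [v for v in info["supported_versions"] if v in VERSION_NAMES]
        highest = max(known or [info["client_version"]])
        version_ok = any(v in server_versions for v in info["supported_versions"])
    else:                                        # legacy: max version implies lower ones
        highest = info["client_version"]
        version_ok = any(v <= highest for v in server_versions)
    common = [c for c in info["cipher_suites"] if c in server_ciphers]
    reason = (None if version_ok and common else
              "no common protocol version" if not version_ok else "no common cipher suite")
    return {"client_max_protocol": VERSION_NAMES.get(highest, hex(highest)),
            "offered_ciphers": [CIPHER_NAMES.get(c, hex(c)) for c in info["cipher_suites"]],
            "rejected": reason is not None, "reason": reason}


def build_client_hello(client_version, cipher_suites, supported_versions=None):
    """Constructed test input: a minimal ClientHello record (random is all
    zeros, which is fine for parsing but never for a real client)."""
    body = struct.pack("!H", client_version) + bytes(32) + b"\x00"   # version, random, empty session id
    body += struct.pack("!H", 2 * len(cipher_suites)) + b"".join(struct.pack("!H", c) for c in cipher_suites)
    body += b"\x01\x00"                                                # one compression method: null
    if supported_versions is not None:
        ext_body = bytes([2 * len(supported_versions)]) + b"".join(struct.pack("!H", v) for v in supported_versions)
        ext = struct.pack("!HH", SUPPORTED_VERSIONS_EXT, len(ext_body)) + ext_body
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", 0x0301, len(hs)) + hs


# Server policy from the thread: TLSv1.2 only, one cipher suite.
SERVER_VERSIONS = {0x0303}
SERVER_CIPHERS = {0xC02F}

if __name__ == "__main__":
    for label, hello in [("TLSv1 client", build_client_hello(0x0301, [0x002F, 0x0005])),
                         ("TLSv1.2 client, weak cipher", build_client_hello(0x0303, [0x002F])),
                         ("TLSv1.3 client", build_client_hello(0x0303, [0xC02F], [0x0304, 0x0303]))]:
        a = audit_handshake(hello, SERVER_VERSIONS, SERVER_CIPHERS)
        print(f"{label}: protocol {a['client_max_protocol']} rejected={a['rejected']} ({a['reason']})")
```

As Chris notes, only the version can be reported with confidence: the first record is enough to name the highest protocol the client offers, while a negotiated cipher never exists for a rejected handshake, so an audit line for such a connection would carry the offered suites (or a `-`) rather than a chosen one.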