
My Tomcat instance is using the APR/native connector, which uses OpenSSL under the hood to make SSL connections. I want to receive SSL handshake events, so that any handshake, be it a success or a failure, can be logged. I don't see any APR connector option for it.

I am aware of the -Djavax.net.debug=XXX option, but that won't work since the connection is going through the OpenSSL stack.

  • Is there something like an SSLHandshakeCompletion/SSLHandshakeFailure event that can be captured?
  • If not, is there a way to enable SSL-level logging when using the APR connector?

I believe it's a common problem, but I haven't been able to find a solution for it yet.

suvidya
  • Not possible. If you switch to the Java SSL implementation, the debug would log all the traffic by default anyway (XXX=all), which is probably too much. And changing the value of XXX to anything other than "all" is not working well (a bug is referenced). – Eugène Adell Aug 29 '18 at 05:58
  • @EugèneAdell Thanks for the response. We ended up patching the _libtcnative_ library to explicitly log handshake failure events, since there is no control up the stack to achieve this. – suvidya Sep 17 '18 at 22:12

0 Answers