Posted to dev@tomcat.apache.org by bu...@apache.org on 2020/02/01 16:23:45 UTC

[Bug 64110] New: Record TLS protocol in access log for connections with a failed TLS handshake

https://bz.apache.org/bugzilla/show_bug.cgi?id=64110

            Bug ID: 64110
           Summary: Record TLS protocol in access log for connections with
                    a failed TLS handshake
           Product: Tomcat 9
           Version: unspecified
          Hardware: PC
                OS: Mac OS X 10.1
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: chris@christopherschultz.net
  Target Milestone: -----

For reference:
https://lists.apache.org/thread.html/r7d872a09a56b539545a226813761ee3c0dcdf75787449dd8551f2f07%40%3Cusers.tomcat.apache.org%3E

When a TLS connection is attempted and fails, Tomcat will record an access log
where the protocol is "-" and the cipher suite is "-" (if specified in the log
string, of course).

In the event of a TLS handshake failure (e.g. no shared cipher suites, protocol
not supported/configured/allowed, insufficient client-cert trust, etc.), the
TLS protocol itself -- as advertised by the client -- should be a known value,
and should be available to the access log instead of "-".

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
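
The report's premise, that the client-advertised protocol is already known when the handshake fails, holds because the ClientHello carries it in cleartext. The following is an added example (not part of the bug report, not Tomcat's code and not the change in the linked pull request) that extracts it from a raw ClientHello record; the function names and sample bytes are constructed for illustration, and it assumes the ClientHello fits in a single TLS record:

```python
import struct

# TLS ProtocolVersion wire values mapped to JSSE-style protocol names.
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1",
            0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def advertised_protocol(record: bytes) -> str:
    """Highest protocol offered in a ClientHello record, or "-" if unparseable."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:  # handshake record, ClientHello
            return "-"
        hello_len = int.from_bytes(record[6:9], "big")
        body = record[9:9 + hello_len]
        if len(body) < hello_len:                   # truncated or fragmented hello
            return "-"
        offered = [struct.unpack_from("!H", body, 0)[0]]    # legacy client_version
        pos = 2 + 32                                        # version + random
        pos += 1 + body[pos]                                # session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]   # cipher_suites
        pos += 1 + body[pos]                                # compression_methods
        if pos < len(body):                                 # extensions are optional
            end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
            pos += 2
            while pos + 4 <= min(end, len(body)):
                ext_type, ext_len = struct.unpack_from("!HH", body, pos)
                data = body[pos + 4:pos + 4 + ext_len]
                if ext_type == 43 and data:                 # supported_versions
                    offered += [struct.unpack_from("!H", data, i)[0]
                                for i in range(1, data[0], 2)]
                pos += 4 + ext_len
    except (IndexError, struct.error):
        return "-"
    known = [v for v in offered if v in VERSIONS]  # drops GREASE/unknown values
    return VERSIONS[max(known)] if known else "-"

def sample_hello(legacy: int, versions=()) -> bytes:
    """Constructed ClientHello record for the demo (not captured traffic)."""
    ext = b""
    if versions:
        lst = b"".join(struct.pack("!H", v) for v in versions)
        ext = struct.pack("!HHB", 43, len(lst) + 1, len(lst)) + lst
        ext = struct.pack("!H", len(ext)) + ext
    body = (struct.pack("!H", legacy) + bytes(32) + b"\x00"
            + struct.pack("!H", 2) + b"\x13\x01" + b"\x01\x00" + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(advertised_protocol(sample_hello(0x0303, (0x7A7A, 0x0304, 0x0303))))
```

A TLS 1.3 client sets the legacy version field to TLS 1.2 and lists its real versions in the `supported_versions` extension, which is why both fields are read.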


[Bug 64110] Record TLS protocol in access log for connections with a failed TLS handshake

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64110

--- Comment #1 from manish palod <ma...@mcafee.com> ---
This applies to Tomcat 7 and Tomcat 8 also.



[Bug 64110] Record TLS protocol in access log for connections with a failed TLS handshake

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64110

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Mark Thomas <ma...@apache.org> ---
Fixed in:
- 10.0.x for 10.0.1 onwards
- 9.0.x for 9.0.42 onwards
- 8.5.x for 8.5.62 onwards



[Bug 64110] Record TLS protocol in access log for connections with a failed TLS handshake

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64110

--- Comment #2 from Mark Thomas <ma...@apache.org> ---
https://github.com/apache/tomcat/pull/380 submitted for feedback.
