Posted to users@tomcat.apache.org by Utkarsh Dave <ut...@gmail.com> on 2015/02/13 06:39:31 UTC

To log TLS sessions !

Hi all,


Need your thoughts and comments on the requirement where we need to
log/capture information when TLS sessions are set up. The logs will be
logged to indicate successful or failed connection establishment or even
connection being disconnected.


RequestDumperFilter is one way, but that will dump each and every request and response in detail.


-Utkarsh

Re: To log TLS sessions !

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Utkarsh,

On 2/13/15 12:25 PM, Utkarsh Dave wrote:
> Thanks Chris. Any other thoughts?

Well, what you want is at a pretty low level. If you are using a JSSE
connector, you'll never see failed TLS handshakes. I'm not sure what
options are available for failed connection attempts if you are using
the APR (native) connector.

If you want TLS information from /successful/ attempts, it's easy for
you to grab that from any Filter, Servlet, etc.

If you want the best information available, I think you want to attach
a protocol tracer to the server and watch that traffic. That way,
you'll see the full TLS handshake and you can log whatever you want.

-chris

> On Fri, Feb 13, 2015 at 10:03 PM, Christopher Schultz < 
> chris@christopherschultz.net> wrote:
> 
> Utkarsh,
> 
> On 2/13/15 12:39 AM, Utkarsh Dave wrote:
>>>> Need your thoughts and comments on the requirement where we
>>>> need to log/capture information when TLS sessions are setup,
>>>> the logs will be logged to indicate successful or failed
>>>> connection establishment or even connection being
>>>> disconnected.
>>>> 
>>>> RequestDumperFilter is one way but that will dump each and
>>>> every requests and response in detail
> 
> My first thought would be to see how the RequestDumperFilter does
> it, and then only use that part of the code.
> 
> -chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
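
Reading TLS details for successful connections from a Filter, as suggested in the reply above; this is an added example, not code from the thread or from Tomcat. It assumes the `javax.servlet` API (Servlet 3.0 or later, as shipped with Tomcat 7 and 8), and the class name `TlsSessionLogFilter` and the log format are hypothetical.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.logging.Logger;
import javax.servlet.*;

// Added example: logs TLS details once per TLS session instead of once per request.
public class TlsSessionLogFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(TlsSessionLogFilter.class.getName());
    private static final int MAX_TRACKED = 10_000; // assumption: cap on remembered session ids

    // Bounded LRU map of TLS session ids that have already been logged.
    private final Map<String, Boolean> seen = Collections.synchronizedMap(
        new LinkedHashMap<String, Boolean>(256, 0.75f, true) {
            @Override protected boolean removeEldestEntry(Map.Entry<String, Boolean> e) {
                return size() > MAX_TRACKED;
            }
        });

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req.isSecure()) {
            // Request attributes defined by the Servlet specification for HTTPS requests.
            String sid = (String) req.getAttribute("javax.servlet.request.ssl_session_id");
            // sid can be null, e.g. when TLS is terminated in front of the container.
            if (sid != null && seen.put(sid, Boolean.TRUE) == null) {
                Object suite = req.getAttribute("javax.servlet.request.cipher_suite");
                Object bits = req.getAttribute("javax.servlet.request.key_size");
                X509Certificate[] certs = (X509Certificate[])
                    req.getAttribute("javax.servlet.request.X509Certificate");
                // The subject DN is client-supplied: strip line breaks before logging it.
                String client = (certs != null && certs.length > 0)
                    ? certs[0].getSubjectX500Principal().getName().replaceAll("[\\r\\n]", "_")
                    : "-";
                LOG.info(String.format("tls-session remote=%s session=%s suite=%s bits=%s clientCert=%s",
                    req.getRemoteAddr(), sid, suite, bits, client));
            }
        }
        chain.doFilter(req, res);
    }
}
```

A Filter only runs once a request has arrived, so failed handshakes never appear in this log.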


Re: To log TLS sessions !

Posted by Utkarsh Dave <ut...@gmail.com>.
Thanks Chris.
Any other thoughts?

On Fri, Feb 13, 2015 at 10:03 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> Utkarsh,
>
> On 2/13/15 12:39 AM, Utkarsh Dave wrote:
> > Need your thoughts and comments on the requirement where we need
> > to log/capture information when TLS sessions are setup, the logs
> > will be logged to indicate successful or failed connection
> > establishment or even connection being disconnected.
> >
> > RequestDumperFilter is one way but that will dump each and every
> > requests and response in detail
>
> My first thought would be to see how the RequestDumperFilter does it,
> and then only use that part of the code.
>
> -chris

Re: To log TLS sessions !

Posted by Utkarsh Dave <ut...@gmail.com>.
Thank you, Chris.

On Fri, Feb 13, 2015 at 10:03 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> Utkarsh,
>
> On 2/13/15 12:39 AM, Utkarsh Dave wrote:
> > Need your thoughts and comments on the requirement where we need
> > to log/capture information when TLS sessions are setup, the logs
> > will be logged to indicate successful or failed connection
> > establishment or even connection being disconnected.
> >
> > RequestDumperFilter is one way but that will dump each and every
> > requests and response in detail
>
> My first thought would be to see how the RequestDumperFilter does it,
> and then only use that part of the code.
>
> -chris

Re: To log TLS sessions !

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Utkarsh,

On 2/13/15 12:39 AM, Utkarsh Dave wrote:
> Need your thoughts and comments on the requirement where we need
> to log/capture information when TLS sessions are setup, the logs
> will be logged to indicate successful or failed connection
> establishment or even connection being disconnected.
> 
> RequestDumperFilter is one way but that will dump each and every 
> requests and response in detail

My first thought would be to see how the RequestDumperFilter does it,
and then only use that part of the code.

-chris