-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Durga,
On 3/9/17 3:34 AM, Durga Srinivasu Karuturi wrote: > This is one of the requirement from FIPS/CC certification. Can you provide a reference for this requirement? - -chris > On Wed, Mar 8, 2017 at 11:03 PM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > > Durga, > > On 3/8/17 10:02 AM, Durga Srinivasu Karuturi wrote: >>>> We are using JSSE only not APR. Looking for handshake >>>> failures. >>>> >>>> Yes, using JSSE SSL debug, we are able to get all handshake >>>> (-Djavax.net.debug=ssl:handshake) logs including success >>>> cases. These are still quite bit expense logs and meant for >>>> debug purposes. As you said it might impact performance >>>> that's the reason, trying for any other optimal solution >>>> here. > > I know of no way to be notified about handshake failures on the > server side. You may not be able to fulfill this requirement if > using Java for your crypto. > > Honestly, I'm not sure why you care about failed TLS handshakes. > Are you trying to implement a NIDS in your application? This is > better-handled by a network component specifically-designed for > this kind of thing. > > -chris >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYwYazAAoJEBzwKT+lPKRYZsAP/2H4FMI9PuZ6/PtwIgpmSea8 k9jJY50HVgf6OP0rYlzR57dvZnL/x3op9kzSCplTmgNZrRnltc36SzDN8dHQMKm6 Xi0MYnC2whf+Y2+Hh/4mvFnP4UCSiUXpTTLcXITG3x3BA84IPS179BMRSlV4W8MW ZvLJ9z2mi8JZAqZq/aT7/b7Oq46BMSiomsi9so1fxr5PClqASIxFmhhQhIXhwnKx 1MevZ/6ZELD4vs1o9ek79JpVPVb5yillVTEK8RbSzWXEdgzKk26NI4xdRh8MZH6F HkH358AANspDlhyAB+ofRmr1hzDSJ/kp58KxlQ439i8GqvtFd1TxUkoPF8Yk6aEI ifv+FBsxsuW3vJFhbVShXJkLBO0GLiYAQezDnQ6tVWPGdeMkRPnQaSioaFrmsm6z tL3vbjrj3ynTRadYVAF4mz+7R/uRBt3jUkB93J6dUzZqrBIiB/SwX4i97pKvQfeo IOqdQAkVJMdb3IHaBJgLQd3No8Kbz/j9hC+VwQZmrpMi5jmjpLkHAjlyUuabvfqU cko0vuCl/cCMbCBYm9c2J2zuhK3nzTBUpvXNVRP35+dkBSCrz2jYL/chOeqvdzcs xSImhV4N0vn36lc9E+97ohha2RPR9uPvCp5DW9HFjmP+EqaH8Fbl4z2Wg5Twlaxo scB4nofvUIxz2n7rRr// =51TA -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org