We are in the process of disabling support for protocols other than TLS V1.2 on our SSL connector; however, we would like to show a warning or an error page to the end user if they make a request to our server with a browser using a version lower than TLS V1.2. Currently our application is not catching any exception when a browser using a lower protocol version requests a page from the application. After enabling debug mode on the root logger, we saw that an SSL handshake exception is logged, like this:
DEBUG [org.apache.tomcat.util.net.JIoEndpoint] (http--22.214.171.124-8443-6) Handshake failed: java.io.IOException: SSL handshake failed. Ciper suite in SSL Session is SSL_NULL_WITH_NULL_NULL
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:191) [jbossweb-7.0.13.Final.jar:]
    at org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:1122) [jbossweb-7.0.13.Final.jar:]
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_67]
Now we want to know whether it is possible to catch this exception generated at the JBoss level by the handshake process and, if so, how to handle it and show an appropriate response to end users who are not aware that they are using insecure protocol versions (TLS V1.1, SSL V3, etc.).
JBoss version: JBoss AS 7.1.1