0 Replies Latest reply on Apr 4, 2016 9:54 AM by vrinda.nayak

    SSL Handshake error - Event Listener

    vrinda.nayak

      Hello,

       

      I'm using WildFly 10.0.0.Final as our application server. I need to access information about unsuccessful TLS/SSL handshake attempts from application code. Is there a way to write a hook in the Undertow subsystem that registers event listeners for TLS/SSL handshake errors? Can someone please help?

       

      I have enabled SSL in standalone-full.xml for HTTPS requests as shown below:

       

      <!-- Management section: defines the security realm "UndertowRealm", which the
           Undertow https-listener in this file references through its security-realm
           attribute. The realm supplies the server's TLS identity (keystore) and the
           truststore used for client certificates. -->
      <management>

       

              <security-realms>

                 ............

                 ............

                  <security-realm name="UndertowRealm">

                      <server-identities>

                          <ssl>

                              <!-- Server key material: myKey.jks, resolved relative to jboss.server.config.dir.
                                   NOTE(review): keystore-password and key-password are stored in clear text
                                   in this file. Consider a vault expression instead, and restrict read access
                                   to both the configuration file and the keystore. -->
                              <keystore path="myKey.jks" relative-to="jboss.server.config.dir" keystore-password="myPass" alias="myAlias" key-password="myPass"/>

                          </ssl>

                      </server-identities>

                      <authentication>

                          <!-- Truststore for client-certificate authentication. Presumably only certificates
                               that chain to an entry in client.truststore complete the handshake; verify
                               that it contains just the intended CAs/certificates.
                               NOTE(review): this password is in clear text as well. -->
                          <truststore path="client.truststore" relative-to="jboss.server.config.dir" keystore-password="clientPass"/>

                          <!-- NOTE(review): the local and mgmt-users.properties mechanisms look carried over
                               from a management realm. Confirm they are intended on a realm that backs the
                               application HTTPS listener. -->
                          <local default-user="$local" skip-group-loading="true"/>

                          <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>

                      </authentication>

                  </security-realm>

              </security-realms>

                 ............

                 ............

                 ............

      </management>

      ............

      ............

      <!-- Legacy security subsystem: declares the security domain "client_cert_domain",
           which authenticates callers with the CertificateRoles login module and carries
           its own JSSE (keystore/truststore/protocol) settings. -->
      <subsystem xmlns="urn:jboss:domain:security:1.2">

       

                  <security-domains>

                      .....................

                     ......................

                     <security-domain name="client_cert_domain" cache-type="default">

       

                          <authentication>

                              <login-module code="CertificateRoles" flag="required">

                                  <!-- NOTE(review): AnyCertVerifier accepts every certificate handed to the
                                       login module without checking it. With this verifier, trust in the
                                       client certificate rests entirely on the TLS handshake's truststore
                                       validation. Confirm that is intended, or configure a verifier that
                                       checks the certificate against the domain's truststore. -->
                                  <module-option name="verifier" value="org.jboss.security.auth.certs.AnyCertVerifier"/>

                                  <!-- Names the security domain whose JSSE configuration the module consults
                                       (here, this same domain). -->
                                  <module-option name="securityDomain" value="client_cert_domain"/>

                                  <!-- Role mapping is read from application-roles.properties in the server
                                       config directory. -->
                                  <module-option name="rolesProperties" value="file:${jboss.server.config.dir}/application-roles.properties"/>

                              </login-module>

                          </authentication>

                          <!-- JSSE settings for this domain.
                               NOTE(review): protocols="SSLv3, TLSv1" enables only obsolete protocol versions;
                               SSLv3 in particular is considered broken and should not be offered. Prefer
                               TLSv1.2 or later where the JVM and clients support it.
                               NOTE(review): the single cipher suite TLS_RSA_WITH_AES_128_CBC_SHA uses RSA key
                               exchange (no forward secrecy) and CBC mode. Prefer ECDHE key exchange with an
                               AEAD (GCM) suite.
                               NOTE(review): keystore-password and truststore-password are in clear text.
                               Consider a vault expression.
                               client-auth="true" presumably requests client certificates on sockets built
                               from this configuration; verify which listeners actually use it. -->
                          <jsse keystore-password="myPass" keystore-url="file:${jboss.server.config.dir}/myKey.jks" truststore-password="myPass" truststore-url="file:${jboss.server.config.dir}/server.truststore" cipher-suites="TLS_RSA_WITH_AES_128_CBC_SHA" client-auth="true" protocols="SSLv3, TLSv1"/>

                      </security-domain>

                </security-domains>

      </subsystem>

                 ............

       

                 ............

                 ............

      <!-- Undertow (web) subsystem: declares the HTTP and HTTPS listeners of "default-server".
           The rest of the server element is elided in this excerpt. -->
      <subsystem xmlns="urn:jboss:domain:undertow:3.0">

                  <buffer-cache name="default"/>

                  <server name="default-server">

                      <!-- NOTE(review): a plain-HTTP listener stays enabled next to the HTTPS one. Confirm
                           that clear-text access is intended, or that requests are redirected to HTTPS. -->
                      <http-listener name="default" socket-binding="http"/>

                      <!-- HTTPS listener backed by the "UndertowRealm" security realm. verify-client="REQUIRED"
                           makes a client certificate mandatory, so clients without an acceptable certificate
                           fail during the TLS handshake, before any request reaches application code.
                           NOTE(review): no enabled-protocols or enabled-cipher-suites attribute is set on
                           this listener, so the protocol and cipher selection presumably falls back to
                           defaults. The jsse element of the security domain likely does not govern this
                           listener; verify, and pin modern protocol versions here explicitly. -->
                      <https-listener name="https" verify-client="REQUIRED" security-realm="UndertowRealm" socket-binding="https"/>

       

                 ............

       

                 ............

      </subsystem>

                 ............

       

                 ............

                 ............

       

      Regards.

      Vrinda