SSL Handshake error - Event Listener
vrinda.nayak Apr 4, 2016 9:54 AM
Hello,
I'm using Wildfly 10.0.0 Final for our application server. I need to access unsuccessful handshake requests info in application code. Is there a way to write a hook in the Undertow subsystem to have event listeners for TLS/SSL handshake errors? Can someone please help?
I have enabled SSL in standalone-full.xml for HTTPS requests as below:
    <security-realms>
        ............
        ............
        <security-realm name="UndertowRealm">
            <server-identities>
                <ssl>
                    <keystore path="myKey.jks" relative-to="jboss.server.config.dir" keystore-password="myPass" alias="myAlias" key-password="myPass"/>
                </ssl>
            </server-identities>
            <authentication>
                <truststore path="client.truststore" relative-to="jboss.server.config.dir" keystore-password="clientPass"/>
                <local default-user="$local" skip-group-loading="true"/>
                <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
            </authentication>
        </security-realm>
    </security-realms>
    ............
    ............
    ............
</management>
............
............
    <security-domains>
        .....................
        ......................
            <authentication>
                <login-module code="CertificateRoles" flag="required">
                    <module-option name="verifier" value="org.jboss.security.auth.certs.AnyCertVerifier"/>
                    <module-option name="securityDomain" value="client_cert_domain"/>
                    <module-option name="rolesProperties" value="file:${jboss.server.config.dir}/application-roles.properties"/>
                </login-module>
            </authentication>
            <jsse keystore-password="myPass" keystore-url="file:${jboss.server.config.dir}/myKey.jks" truststore-password="myPass" truststore-url="file:${jboss.server.config.dir}/server.truststore" cipher-suites="TLS_RSA_WITH_AES_128_CBC_SHA" client-auth="true" protocols="SSLv3, TLSv1"/>
        </security-domain>
    </security-domains>
</subsystem>
............
............
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http"/>
        <https-listener name="https" verify-client="REQUIRED" security-realm="UndertowRealm" socket-binding="https"/>
        ............
</subsystem>