I need to log if a SSL handshake fails while a REST client tries to connect to my application. The application is build using Spring Boot and Java 8 and deployed on Tomcat 8.
Unfortunately, it is not possible likely. And it is not related to Tomcat. Logging of SSL it is not part of standard logging in your application. You could try reduce output with following option:
-Djava.net.debug=handshake
Some others:
See docs.
If you really need this and performance is critical for your application, you could instrument SSLSocket (in docs you could read about handshake process) with ASM/Btrace /etc and check the state of handshake inside it. But in that case you wouldn't have debug information - only true/false.
See also Tomcat docs with all available settings. There you can read that there is JSSEImplementation class, which is used in Tomcat. And it is wrapper for JSSE.
I had same issue many times and i cracked it as following way. i had my project setup in intelliJ.
*** CertificateRequest Cert Types: RSA, DSS, ECDSA Supported Signature Algorithms: SHA512withRSA, Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA256withRSA, Unknown (hash:0x4, signature:0x2), SHA256withECDSA, SHA224withRSA, Unknown (hash:0x3, signature:0x2), SHA224withECDSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA Cert Authorities:
CN=Symantec Public Class 3, O=Symantec Corporation, C=US
CN=Symantec Class 3 Manage, OU=Symantec Trusted Network, O=Symantec, C=US
[read] MD5 and SHA1 hashes: len = 302
Solution : add missing certs (for our example two certs CN=Symantec Public Class 3 and CN=Symantec Class 3 Manage).
we have to understand the calls between server and client by the SSL Protocol, please check the following link to get more information how server and client communicate.
https://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#InstallProbs
I will give youtube video demo if someone have issue.
I hope this solution will help someone.
Thank You.