
Summary

This article discusses the possibility of using an interceptor to catch SSL handshaking errors

Environment

Orbix 6.x
All supported platforms

Question/Problem Description

When an SSL client and server establish a connection, a handshaking error may occur at that point. A user may wish to capture this programmatically.
Clarifying Information
Error Message
Defect/Enhancement Number
Cause

SSL handshaking errors may occur for a number of reasons and are not always a sign of a security attack. For example, a server may require "EstablishTrustInClient", which requires the client to have a certificate configured. If the client has set principal_sponsor:use_principal_sponsor = "false", it will not send a certificate and the handshake will fail.

Resolution

It is not possible to capture SSL handshaking errors programmatically in Orbix. The handshake is handled by the SSL toolkit and fails before the connection is established, that is, before Orbix begins to pass the request through the interceptors in the binding list.

Workaround
Notes

Orbix logs such failures in the event_log. One way of capturing them is to parse the event_log for such failures.
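One way to do that parsing, as an added example that is not Orbix code or part of the original article. The line layout, the EXAMPLE_* subsystem names and the message wording in the sample are constructed assumptions, so adjust the two patterns to what your event_log actually contains; failures are also counted per minute so that a one-off configuration mismatch can be told apart from a burst.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample. The layout (timestamp, [host:pid], (SUBSYSTEM:id),
# severity, message) and the wording are assumptions, not real Orbix output.
SAMPLE_LOG = """\
Mon, 03 Mar 2025 10:15:01.0000000 [apphost:4120] (EXAMPLE_CORE:7) I - server ready
Mon, 03 Mar 2025 10:15:09.0000000 [apphost:4120] (EXAMPLE_TLS:3) E - SSL handshake failed: no peer certificate
Mon, 03 Mar 2025 10:15:40.0000000 [apphost:4120] (EXAMPLE_TLS:3) E - SSL handshake failed: no peer certificate
Mon, 03 Mar 2025 10:15:41.0000000 [apphost:4120] (EXAMPLE_TLS:1) I - SSL handshake completed
    continuation text without a line header
Mon, 03 Mar 2025 10:22:17.0000000 [apphost:4120] (EXAMPLE_TLS:4) W - SSL handshake failure: unknown CA
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}, \d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2})\.\d+ "
    r"\[(?P<host>[^:\]]+):(?P<pid>\d+)\] "
    r"\((?P<subsystem>\w+):(?P<event>\d+)\) "
    r"(?P<sev>[IWEF]) - (?P<msg>.*)$"
)
HANDSHAKE_RE = re.compile(r"handshake", re.IGNORECASE)  # assumed keyword

def handshake_failures(lines):
    """Yield one dict per warning/error/fatal line that mentions a handshake."""
    for line in lines:
        m = LINE_RE.match(line)
        # Lines without a header (continuations) and informational lines are skipped.
        if m and m["sev"] in "WEF" and HANDSHAKE_RE.search(m["msg"]):
            yield {
                "time": datetime.strptime(m["ts"], "%a, %d %b %Y %H:%M:%S"),
                "process": f'{m["host"]}:{m["pid"]}',
                "subsystem": m["subsystem"], "severity": m["sev"],
                "message": m["msg"],
            }

def failures_per_minute(records):
    """Count failures in each one-minute bucket."""
    return Counter(r["time"].replace(second=0) for r in records)

def bursts(records, threshold):
    """Return the minutes in which at least `threshold` failures were logged."""
    return sorted(t for t, n in failures_per_minute(records).items() if n >= threshold)

if __name__ == "__main__":
    found = list(handshake_failures(SAMPLE_LOG.splitlines()))
    for r in found:
        print(r["time"].isoformat(), r["severity"], r["message"])
    print("bursts:", bursts(found, threshold=2))
```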
This demo shows an interceptor loaded into 
Attachment

#orbix6sslhandshakeinterceptor
#KnowledgeDocs
#Orbix