feickholt
Level 10

Log SSL handshake failures...

I am looking for a way to log SSL handshake error clearly. For example, https://js.passport.qihucdn.com/ is not supported by us. However, the error page is not accessed via the policy. The last step in Rule trace is End Cycle.

The log file contains the request with RC 500. I would like to collect such requests in my own logfile.

Frank

0 Kudos
3 Replies
johnaldridge
Level 10

Re: Log SSL handshake failures...

I'm pretty sure anything that gets picked up by an error handler will show in a rule trace as having reached the end of the rule set for the cycle in which it fails.  At least, all of the many hundreds of SSL handshake errors I've investigated were this way.

I think there have been discussions about logging selected cipher suites. Or at least, I wanted to get some stats on what's actually in use, as there are some really lame sites out there.

But I've wanted to raise the question (and haven't gotten around to it): can we do logging in the error handlers? And if so, what error codes do we want for error handler criteria to pick up SSL handshake errors?

0 Kudos
feickholt
Level 10

Re: Log SSL handshake failures...

Unfortunately, this is not the case. If we have a handshake error, it appears in the logfile with an RC 500. And in the rule trace, the trace ends with the end cycle in the Policy (at least this is in version 7.6.2).

It would help me if we could react to such a mistake in the policy. (I know in version 7.7 a lot more is possible)

0 Kudos
btlyric
Level 12

Re: Log SSL handshake failures...

If you're specifically referring to the errors which look like this:

error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:SSL error at server handshake:state 25:Application response 500 handshakefailed

I pull these into a separate log file by using the criteria Message.TemplateName equals "handshakefailed" and then logging the value for Protocol.FailureDescription.

0 Kudos
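Added example, not code from the thread or from the product: a Python parser for the colon-separated failure description quoted above, plus an offline filter that keeps only records whose template name equals "handshakefailed", mirroring the criterion described. The log layout (tab-separated timestamp, URL, status, template name, failure description) is an assumption made for the sample.

```python
import re

# Constructed sample of an access log with tab-separated fields:
# timestamp, URL, status code, block template name, Protocol.FailureDescription.
# The failure description on the first record is the one quoted in the thread.
SAMPLE_LOG = (
    "2019-03-01 10:00:01\thttps://js.passport.qihucdn.com/\t500\thandshakefailed\t"
    "error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error"
    ":SSL error at server handshake:state 25:Application response 500 handshakefailed\n"
    "2019-03-01 10:00:02\thttps://example.com/\t200\t-\t-\n"
    "2019-03-01 10:00:03\thttps://example.net/\t500\turlblocked\t-\n"
)

# OpenSSL error string: error:<code>:<library>:<function>:<reason>[:<proxy detail>]
FAILURE_RE = re.compile(
    r"^error:(?P<code>[0-9A-Fa-f]+):(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>[^:]*)"
    r"(?::(?P<detail>.*))?$"
)
STATE_RE = re.compile(r"\bstate (\d+)\b")
RESPONSE_RE = re.compile(r"Application response (\d{3}) (\S+)")


def parse_failure_description(desc):
    """Split the failure string into code, library, function, reason, and the proxy's state/response."""
    m = FAILURE_RE.match(desc.strip())
    if m is None:
        return None
    detail = m.group("detail") or ""
    state = STATE_RE.search(detail)
    resp = RESPONSE_RE.search(detail)
    return {
        "code": m.group("code"),
        "lib": m.group("lib"),
        "func": m.group("func"),
        "reason": m.group("reason"),
        "state": int(state.group(1)) if state else None,
        "status": int(resp.group(1)) if resp else None,
        "template": resp.group(2) if resp else None,
    }


def collect_handshake_failures(log_text, template="handshakefailed"):
    """Offline equivalent of the rule criterion: keep records whose template name equals `template`."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5 or fields[3] != template:
            continue  # not a handshake failure record; skip it
        ts, url, status, _, desc = fields
        hits.append({"time": ts, "url": url, "status": int(status),
                     "failure": parse_failure_description(desc)})
    return hits
```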