4

I embedded a Jetty server into my application. In my application I can read the cipher suite it negotiated by reading javax.servlet.request.cipher_suite from the request attributes. Now I want to check whether my clients use TLSv1.0, TLSv1.1 or TLSv1.2. If I enable SSL debugging I can see it on my console:

    qtp2819825-43, WRITE: TLSv1.2 Application Data, length = 8038

But how can I read it in my handler()?

I studied both org.eclipse.jetty.server.Request and javax.servlet.http.HttpServletRequest. There is a getProtocol() method, but it returns HTTP/1.1.

Michał Niklas

2 Answers

1

This question has been open for a while, but since there is an answer now it might be relevant for others.

You can configure your ServerConnector by adding a SecureRequestCustomizer to its HttpConfiguration. An example can be found at StackOverflow, but there are many more out there.

When this customizer is set, information is added as attributes that you can retrieve from the HttpServletRequest. The complete SSLSession was added as a result of a "bugreport" and is available at least with versions >= 9.3. The default attribute name is org.eclipse.jetty.servlet.request.ssl_session, but you can set it yourself in your configuration by calling setSslSessionAttribute("your.attribute.name").

Lothar
0

From Jetty 9.3 I can read the TLS version with:

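    // The attribute is populated by SecureRequestCustomizer (Jetty 9.3+); needs javax.net.ssl.SSLSession.
    SSLSession sslSession = (SSLSession) request.getAttribute("org.eclipse.jetty.servlet.request.ssl_session");
    if (sslSession == null) {
        // No TLS session on this request (plain HTTP, or the customizer is not configured).
        env.set("SSL_PROTOCOL_VERSION", "NULL");
    } else {
        // JSSE protocol name, e.g. "TLSv1.2".
        env.set("SSL_PROTOCOL_VERSION", sslSession.getProtocol());
    }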
Michał Niklas
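The two answers combined into one embedded server, as an added example that is not code from either poster: it registers a SecureRequestCustomizer on the connector, then reads the SSLSession in the handler and logs clients that negotiated a legacy protocol. It assumes Jetty 9.3/9.4 on the classpath; the keystore path, password, port, class name and the LEGACY set are placeholders chosen for this example.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLSession;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.server.*;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class TlsVersionServer {
    // Default attribute name, set explicitly so the handler and connector cannot drift apart.
    static final String SESSION_ATTR = "org.eclipse.jetty.servlet.request.ssl_session";
    // JSSE reports TLS 1.0 as "TLSv1", not "TLSv1.0".
    static final Set<String> LEGACY = new HashSet<>(Arrays.asList("SSLv3", "TLSv1", "TLSv1.1"));

    public static void main(String[] args) throws Exception {
        Server server = new Server();
        SslContextFactory ssl = new SslContextFactory();
        ssl.setKeyStorePath("keystore.jks");      // placeholder path
        ssl.setKeyStorePassword("changeit");      // placeholder password

        // Without this customizer the TLS attributes are never attached to the request.
        HttpConfiguration httpsConfig = new HttpConfiguration();
        SecureRequestCustomizer customizer = new SecureRequestCustomizer();
        customizer.setSslSessionAttribute(SESSION_ATTR);
        httpsConfig.addCustomizer(customizer);

        ServerConnector connector = new ServerConnector(server,
                new SslConnectionFactory(ssl, "http/1.1"),
                new HttpConnectionFactory(httpsConfig));
        connector.setPort(8443);                  // placeholder port
        server.addConnector(connector);

        server.setHandler(new AbstractHandler() {
            @Override
            public void handle(String target, Request baseRequest, HttpServletRequest request,
                               HttpServletResponse response) throws IOException {
                SSLSession session = (SSLSession) request.getAttribute(SESSION_ATTR);
                String protocol = (session == null) ? "none" : session.getProtocol();
                if (LEGACY.contains(protocol)) {
                    System.err.println("legacy TLS client " + request.getRemoteAddr() + ": " + protocol);
                }
                response.setContentType("text/plain");
                response.getWriter().println("protocol=" + protocol);
                baseRequest.setHandled(true);
            }
        });
        server.start();
        server.join();
    }
}
```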