1

I have been working on trying to put together a small Java-based HTTPS/SSL server, mainly to try to get something that can be fairly portable for our testing/diagnostics purposes.

I got such a server app working, based on the example here:

http://www.mybinarylife.net/2012/06/java-ssl-threaded-echo-server.html

But, as I said, one of the things I want is that this server app will output the final negotiated protocol and cipher information for each incoming connection, similar to how Apache custom logging can output the protocol and cipher information as described on this page:

https://isc.sans.edu/forums/diary/Logging+SSL/18847/

In Apache, you can log the protocol version and cipher easily by logging the respective environment variable [1] . For example:

CustomLog logs/ssl_request_log  "%t %h \"{User-agent}i\" %{SSL_PROTOCOL}x %{SSL_CIPHER}x "

Logs SSL protocol and cipher.

but I don't see any methods or anything that would get that information in a Java-based application?

SSLSocket has methods for getting ENABLED protocols, etc., but doesn't seem to have any methods for getting the final, negotiated protocol and cipher.

Does anyone know if this is possible in Java, and if so, how can I do that?

Thanks!!

Jim

user555303
  • 1,146
  • 3
  • 20
  • 44

1 Answers1

1

I've finally found the answer to my question. It's basically what was said here:

How to find what SSL/TLS version is used in Java

Get the SSLSession from your SSLSocket on your client and use its getProtocol() method.

I was able to use the getSession() method on the SSLSocket to get the SSLSession, and then used the getProtocol() and getCipherSuite() method of the SSLSession to get the info that I wanted.

Jim

Community
  • 1
  • 1
user555303
  • 1,146
  • 3
  • 20
  • 44