Determine which TLS version was negotiated by client to a Netty server, with SniHandler

Question

I am current working on a Netty server with SniHandler in the pipeline. I would like to log the negotiated TLS version in session, but I cannot find this information in SniHandler or SniHandler.SslContext.

I was trying to access the SslHandler from SniHandler, but I didn't figure out how since the SniHandler is initiated as below:

p.addLast("sniHandler", new SniHandler(options.domainNameMapping));

I don't know if I am on the right track. Hope someone could give me some advices on retrieving TLS version form session.

Thanks

I am sorry to ask a similar question which should be solved a month ago. Determine which TLS version was negotiated by client to a netty server

Also, that is a minor side of question I would like to know. I was trying to get the sniHandler described above from ctx in another handler, with code below.

SniHandler sniHandler = (SniHandler) ctx.pipeline().get("sniHandler");

It seems to return a null value to me, has anyone know what am I missing?

ThanksThanks

score 1 · Accepted Answer · edited Oct 27 '21 at 05:19

1

The SniHandler is replaced with an SslHandler once the SNI informations are parsed. So you would get the informations from the SslHandler.

Something like:

SslHandler sslHandler = ctx.pipeline().get(SslHandler.class);
SSLEngine engine = sslHandler.engine();
String protocol = engine.getSession().getProtocol();

edited Oct 27 '21 at 05:19

spinlok

3,561
18
27

answered Aug 16 '21 at 09:38

Norman Maurer

23,104
2
33
31

Determine which TLS version was negotiated by client to a Netty server, with SniHandler

1 Answers1

Linked