I have a web server in Golang with TLS/SSL. I need to log all requests with some details. In the case where a visitor accepts my self-signed certificate, I will make a full log (host, requesturi, useragent, etc.), but in the case of a TLS handshake failure the connection is not established and I can't make a log.

    // getCert runs once per TLS handshake and receives the ClientHello.
    getCert := func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
        log.Println("SSL Request: ", hello.ServerName)
        // Named err, not error, so the built-in error type is not shadowed.
        xcert, err := tls.LoadX509KeyPair("goweb.crt", "goweb.key")
        if err != nil {
            return nil, err
        }
        return &xcert, nil
    }
    // Plain HTTP listener.
    tcpSrv := &http.Server{
        Addr:           ":80",
        ReadTimeout:    10 * time.Second,
        WriteTimeout:   10 * time.Second,
        IdleTimeout:    5 * time.Second,
        MaxHeaderBytes: 1 << 20,
    }
    // HTTPS listener; the certificate is supplied by getCert.
    tlsSrv := &http.Server{
        Addr:           ":443",
        ReadTimeout:    10 * time.Second,
        WriteTimeout:   10 * time.Second,
        IdleTimeout:    5 * time.Second,
        MaxHeaderBytes: 1 << 20,
        TLSConfig:      &tls.Config{GetCertificate: getCert},
    }

In my sample, I'm able to get a log in the function getCert, but this function is only for loading certificates, so I don't know whether there was an error with the handshake or not, nor the IP of the visitor, etc.
Is there any way I can handle a TLS handshake error on the server side and log it?
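
One way to record failed handshakes, as an added example that is not part of the original question: net/http writes each failure to the server's `ErrorLog` as `http: TLS handshake error from <ip:port>: <reason>`, so a custom writer can pick those lines out together with the peer address. `HandshakeFailure`, `parseHandshakeError`, `handshakeLog` and `newTLSServer` are hypothetical names, the sample log line is constructed, and the message wording is net/http's observed behaviour rather than a documented API.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"os"
	"strings"
)

// Prefix net/http uses when it reports a failed handshake to Server.ErrorLog.
const hsPrefix = "http: TLS handshake error from "

// HandshakeFailure is a hypothetical record type for this example.
type HandshakeFailure struct{ Remote, Reason string }

// parseHandshakeError extracts peer address and reason from one log line.
func parseHandshakeError(line string) (HandshakeFailure, bool) {
	line = strings.TrimSpace(line)
	rest := strings.TrimPrefix(line, hsPrefix)
	i := strings.Index(rest, ": ") // "ip:port" and "[v6]:port" never contain ": "
	if rest == line || i < 0 {
		return HandshakeFailure{}, false
	}
	return HandshakeFailure{Remote: rest[:i], Reason: rest[i+2:]}, true
}

// handshakeLog is an io.Writer; log.Logger calls Write once per log line.
type handshakeLog func(HandshakeFailure)

func (onFail handshakeLog) Write(p []byte) (int, error) {
	if f, ok := parseHandshakeError(string(p)); ok {
		onFail(f)
	}
	return os.Stderr.Write(p) // every line still reaches the normal error log
}

// newTLSServer returns a server whose ErrorLog reports handshake failures.
func newTLSServer(addr string, onFail func(HandshakeFailure)) *http.Server {
	return &http.Server{Addr: addr, ErrorLog: log.New(handshakeLog(onFail), "", 0)}
}

func main() {
	srv := newTLSServer(":443", func(f HandshakeFailure) {
		fmt.Printf("handshake failed ip=%s reason=%q\n", f.Remote, f.Reason)
	})
	// Constructed sample line; a real server calls srv.ListenAndServeTLS instead.
	srv.ErrorLog.Print("http: TLS handshake error from 192.0.2.7:51514: remote error: tls: unknown certificate")
}
```

Inside `getCert`, `hello.Conn.RemoteAddr()` gives the same peer address for handshakes that get as far as certificate selection, so the server name from the ClientHello can be matched to a later failure line.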