Getting the client IP address during TLS handshake


rim...@gmail.com

Jun 8, 2022, 2:47:16 PM
to vert.x
Hi,

   We would like to get the client IP during the TLS handshake. We have a class extending from X509ExtendedKeyManager and we are overriding the 
public String chooseEngineServerAlias(String s, Principal[] principals, SSLEngine engine)
method.

    @Override
    public String chooseEngineServerAlias(String s, Principal[] principals, SSLEngine engine) {
      String serverString = null;
      if (engine != null) {
        // Check the type before casting: getHandshakeSession() returns a plain SSLSession.
        SSLSession session = engine.getHandshakeSession();
        if (session instanceof ExtendedSSLSession) {
          LOG.info("Logging client IP address : " + session.getPeerHost());
          //...
        }
      }
      return serverString;
    }

I even tried (which did not work either) -

LOG.info("Logging client IP address : " + session.getSessionContext()
              .getSession(session.getId()).getPeerHost());

The above code does not seem to get the peer host; it returns null. Is there a way to get the client IP of the client initiating the handshake?

Julien Viet

Jun 9, 2022, 8:01:04 AM
to vert.x
Hi,

Can you elaborate why it is needed?

Julien

rim...@gmail.com

Jun 9, 2022, 8:52:44 AM
to vert.x
Hi Julien,

   We have a key/trust store that maintains the server certificates, and the Subject Alternative Name on the server cert has the internal IP. We want to eliminate the internal IPs from the cert.
In order to do that we need to distinguish the internal clients/external clients connecting to the server. So if we know the client IP we can get the subnet and make our decision based on that and serve up the right certificate from the trust store.

Thanks,
Ranjit
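
An added example, not part of the thread and not Vert.x or Netty code: a key manager that picks the server alias from the client's subnet, the decision described in the message above. It assumes the code that creates the SSLEngine passes the remote address as the peer-host hint (as SSLContext.createSSLEngine(peerHost, peerPort) does), which the thread does not confirm for Vert.x; the class name, alias names and CIDR argument are hypothetical.

```java
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;

// Added example. Alias names and the CIDR passed in are hypothetical.
public class SubnetKeyManager extends X509ExtendedKeyManager {
  private final X509ExtendedKeyManager delegate; // key manager built from the real key store
  private final byte[] net;                      // internal network address
  private final int prefixBits;                  // CIDR prefix length

  public SubnetKeyManager(X509ExtendedKeyManager delegate, String cidr) throws UnknownHostException {
    String[] p = cidr.split("/");
    this.delegate = delegate;
    this.net = InetAddress.getByName(p[0]).getAddress();
    this.prefixBits = Integer.parseInt(p[1]);
  }

  // True only for an IP literal inside the internal subnet; null or a host name counts as external.
  boolean isInternal(String peer) {
    if (peer == null || !(peer.matches("\\d{1,3}(\\.\\d{1,3}){3}") || peer.indexOf(':') >= 0)) return false;
    try {
      byte[] a = InetAddress.getByName(peer).getAddress();
      if (a.length != net.length) return false; // IPv4 vs IPv6 mismatch
      for (int i = 0; i < prefixBits; i++) {
        int bit = 0x80 >> (i % 8);
        if ((a[i / 8] & bit) != (net[i / 8] & bit)) return false;
      }
      return true;
    } catch (UnknownHostException e) { return false; }
  }

  @Override
  public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
    // getPeerHost() is the hint given when the engine was created; it is null if none was passed.
    String peer = engine == null ? null : engine.getPeerHost();
    return isInternal(peer) ? "internal-cert" : "external-cert";
  }
  @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return delegate.chooseServerAlias(t, i, s); }
  @Override public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
  @Override public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
  @Override public String chooseClientAlias(String[] t, Principal[] i, Socket s) { return delegate.chooseClientAlias(t, i, s); }
  @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
  @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }
}
```

A missing or unparseable peer address falls through to the external certificate, so failing to obtain the address never serves the certificate that lists internal IPs. Behind a proxy or load balancer the peer address is the proxy's, so the subnet test then classifies the proxy rather than the client.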

rim...@gmail.com

Jul 1, 2022, 10:35:18 AM
to vert.x
Hi Julien,

    Again getting back to this topic, we need this for implementing virtual servers. Is there a way we can contribute to have this functionality available? This is a very important requirement for us security-wise. Please let us know.

Thanks,
Ranjit

Julien Viet

Jul 6, 2022, 4:42:11 AM
to vert.x
Hi,

Do you want to only do some logging or take some action during this phase?

The handshake is implemented by Netty and Vert.x is aware of this
before the handshake or after the handshake.

So it is important you describe what you want to achieve exactly to
understand what it would take to be implemented.

Julien

rim...@gmail.com

Jul 27, 2022, 10:26:46 AM
to vert.x
Hi Julien,

   We want the API to give us a couple of things during the SSL handshake process -

1) Client IP address of who initiated the handshake.
2) Local server address the connection is bound to.

Thanks,
Ranjit

Julien Viet

Jul 28, 2022, 3:00:16 AM
to vert.x
And you only want that info, and during the handshake? No actions
should be taken.