How to enable SSL/TLS debug logging.

Introduction

To troubleshoot SSL/TLS issues, it may be necessary to enable debug logging for the classes that handle SSL. To do so, follow the instructions below:

  1. Go to the JBoss console at https://<IP_OF_SERVER>:9990
  2. Navigate to the "Server" section.
  3. Select the appropriate "Host"
  4. Click on "Server Configurations" in the "Server" section
  5. Select the appropriate "Server Configuration" name
  6. Select the "JVM Configuration" tab
  7. Click on "Edit"
  8. Add the appropriate SSL debug JVM option to the "JVM Options" field, e.g. -Djavax.net.debug=all
  9. Click on "Save"
  10. Repeat the above steps for all relevant servers and hosts
  11. Reboot the affected machines

The relevant log files should now contain SSL/TLS debug output. For example, if debug is enabled for the load balancer, the domain/servers/loadbalancer-xxx/log/server.log file will contain lines something like:

2013-07-30 07:23:26,473 INFO  [stdout] (Extension-Thread-1) trigger seeding of SecureRandom
2013-07-30 07:23:26,473 INFO  [stdout] (Extension-Thread-1) done seeding SecureRandom
2013-07-30 07:23:26,473 INFO  [stdout] (Extension-Thread-1) trigger seeding of SecureRandom
2013-07-30 07:23:26,473 INFO  [stdout] (Extension-Thread-1) done seeding SecureRandom
2013-07-30 07:23:26,475 INFO  [org.mobicents.tools.sip.balancer.SIPBalancerForwarder] (Extension-Thread-1) SIP [EXTERNAL_SIP_TLS] bound to 192.168.9.141:5061
2013-07-30 07:23:26,476 INFO  [org.mobicents.tools.sip.balancer.SIPBalancerForwarder] (Extension-Thread-1) No Internal Connectors configured
2013-07-30 07:26:02,436 INFO  [stdout] (New I/O server boss #6) Using SSLEngineImpl.
2013-07-30 07:26:02,437 INFO  [stdout] (New I/O server boss #6) Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
2013-07-30 07:26:02,437 INFO  [stdout] (New I/O server boss #6) Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

 

 

 

 

 
