Skip to main content
Version: 8.2411.x.x RR

SSL tracing

Backend SSL tracing

To enable SSL tracing on the backend and trace the functioning of, for example, the HttpsConnectorServlet or the BackendConnectorServlet, set the trace groups described below.

BC.Tracer.DebugProfile.OpenSSLHandshk

Tracing of the handshake process. Defines the severity level of the logged events.

BC.Tracer.DebugProfile.OpenSSLRecord

SSL record tracing. Defines the severity level of the logged events.

BC.Tracer.DebugProfile.OpenSSLStream

SSL stream tracing. Defines the severity level of the logged events.

BC.Tracer.DebugProfile.OpenSSLCipher

SSL cipher tracing. Defines the severity level of the logged cipher functions.

bcx.net.debug.host

Type: String
Possible values: list of hostnames, or all
Default: not set

To enable the tracegroups mentioned above, set this property to "all" or specify a list of hostnames.

bcx.net.debug

Type: Enum
Possible values: record, handshake, ssl, ssl-key
Default: not set

To enable the tracegroups mentioned above, set this property to "record,handshake,ssl,ssl-key" or select one of these values. If the value ssl-key is set, the TLS master keys are traced in the tracegroup BC.Tracer.DebugProfile.OpenSSLHandshk with the debug level DBG-LOW (7), for example:

Oct 20 14:46:35 TestRunner OpenSSLHan 977751.139883295164160.test_tsl_master_key 7-DBG_LO:  SSLKEY: SERVER_HANDSHAKE_TRAFFIC_SECRET 2887819562bbfafdedfed1dddc8ef91d3f3d573bdef5e0dc4af59b3d6c7c329c 8cee60e35c99ffcf4e42f132f05f706997c2241812bed97670caa2aa9339f9b070b5ae1cfc3d3dd0e650770ef3d3623d

Frontend SSL tracing

To enable SSL tracing on the frontend, set the property LogLevel in the file navajo.xml, as follows:

Loglevel="debug ssl:trace5"

Set the following trace group in the file bc.properties, to log the tracing to the navajo.log file as well:

BC.Tracer.DebugProfile.Apache=4