SSL tracing
Backend SSL tracing
To enable SSL tracing on the backend and trace the functioning of, for example, the HttpsConnectorServlet or the BackendConnectorServlet, set the trace groups described below.
BC.Tracer.DebugProfile.OpenSSLHandshk
Tracing of the handshake process. Defines the severity level of the logged events.
BC.Tracer.DebugProfile.OpenSSLRecord
SSL record tracing. Defines the severity level of the logged events.
BC.Tracer.DebugProfile.OpenSSLStream
SSL stream tracing. Defines the severity level of the logged events.
BC.Tracer.DebugProfile.OpenSSLCipher
SSL cipher tracing. Defines the severity level of the logged cipher functions.
bcx.net.debug.host
Type: String
Possible values: list of hostnames, or all
Default: not set
To enable the tracegroups mentioned above, set this property to "all" or specify a list of hostnames.
bcx.net.debug
Type: Enum
Possible values: record, handshake, ssl, ssl-key
Default: not set
To enable the tracegroups mentioned above, set this property to "record,handshake,ssl,ssl-key" or select one of these values.
If the value ssl-key
is set, the TLS master keys are traced in the tracegroup BC.Tracer.DebugProfile.OpenSSLHandshk
with the debug level DBG-LOW (7)
, for example:
Oct 20 14:46:35 TestRunner OpenSSLHan 977751.139883295164160.test_tsl_master_key 7-DBG_LO: SSLKEY: SERVER_HANDSHAKE_TRAFFIC_SECRET 2887819562bbfafdedfed1dddc8ef91d3f3d573bdef5e0dc4af59b3d6c7c329c 8cee60e35c99ffcf4e42f132f05f706997c2241812bed97670caa2aa9339f9b070b5ae1cfc3d3dd0e650770ef3d3623d
Frontend SSL tracing
To enable SSL tracing on the frontend, set the property LogLevel in the file navajo.xml, as follows:
Loglevel="debug ssl:trace5"
Set the following trace group in the file bc.properties, to log the tracing to the navajo.log file as well:
BC.Tracer.DebugProfile.Apache=4