Sidebar

How do you configure QIE to produce additional logging for SSL connections?

+1 vote
692 views
asked Jul 3, 2013 by gary-t-8719 (14,820 points)
retagged Nov 1, 2013 by gary-t-8719
I need to see additional information about why the secure TLS connection is not being established.

1 Answer

+1 vote
 
Best answer
To enable additional SSL logging, use the following java option:
-Djavax.net.debug=ssl,handshake
This will cause additional log messages to be included in the qieLauncher.log.x file.
 
NOTE: Since this will cause your log files to grow large, you will want to disable this option and restart QIE once you have finished debugging your SSL connection.  A common way to do this, while still preserving the option for future reference is to add .OFF to the option as follows:
-Djavax.net.debug.OFF=ssl,handshake
Other options that can be used with the -Djavax.net.debug= java option are as follows:
all              turn on all debugging
ssl              turn on ssl debugging
 
The following can be used with ssl:
    record       enable per-record tracing
    handshake    print each handshake message
    keygen       print key generation data
    session      print session activity
    defaultctx   print default SSL initialization
    sslctx       print SSLContext tracing
    sessioncache print session cache tracing
    keymanager   print key manager tracing
    trustmanager print trust manager tracing
    pluggability print pluggability tracing
 
    handshake debugging can be widened with:
    data         hex dump of each handshake message
    verbose      verbose handshake message printing
 
    record debugging can be widened with:
    plaintext    hex dump of record plaintext
    packet       print raw SSL/TLS packets
 

 

answered Jul 8, 2013 by ron-s-6919 (4,140 points)
selected Jul 9, 2013 by sam-s-1510
commented Feb 20, 2016 by ben-s-7515 (11,100 points)
A good explanation of the TLS handshake logs can be found here: http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html
...