How do you configure QIE to produce additional logging for SSL connections?

Question

I need to see additional information about why the secure TLS connection is not being established.

Answer 1

To enable additional SSL logging, use the following java option:

-Djavax.net.debug=ssl,handshake

This will cause additional log messages to be included in the qieLauncher.log.x file.

 

NOTE: Since this will cause your log files to grow large, you will want to disable this option and restart QIE once you have finished debugging your SSL connection.  A common way to do this, while still preserving the option for future reference is to add .OFF to the option as follows:

-Djavax.net.debug.OFF=ssl,handshake

Other options that can be used with the -Djavax.net.debug= java option are as follows:

all              turn on all debugging

ssl              turn on ssl debugging

 

The following can be used with ssl:

    record       enable per-record tracing

    handshake    print each handshake message

    keygen       print key generation data

    session      print session activity

    defaultctx   print default SSL initialization

    sslctx       print SSLContext tracing

    sessioncache print session cache tracing

    keymanager   print key manager tracing

    trustmanager print trust manager tracing

    pluggability print pluggability tracing

 

    handshake debugging can be widened with:

    data         hex dump of each handshake message

    verbose      verbose handshake message printing

 

    record debugging can be widened with:

    plaintext    hex dump of record plaintext

    packet       print raw SSL/TLS packets

 

 

Comments

A good explanation of the TLS handshake logs can be found here: http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html