Introduction
To troubleshoot SSL/TLS issues it may be necessary to enable debug logging for the classes that handle SSL. To do so, follow the instructions below:
- Go to the JBoss console https://<IP_OF_SERVER>:9990
- Navigate to the "Server" section
- Select the appropriate "Host"
- Click on "Server Configurations" in the "Server" section
- Select the appropriate "Server Configuration" name
- Select the "JVM Configuration" tab
- Click on "Edit"
- Add the appropriate SSL debug JVM option to the "JVM Options" field, e.g. -Djavax.net.debug=all
- Click on "Save"
- Repeat the above steps for all relevant servers and hosts
- Reboot the affected machines
The relevant log files should now contain SSL/TLS debug output. For example, if debug is enabled for the load balancer, the domain/servers/loadbalancer-xxx/log/server.log file will contain lines like the following:
2013-07-30 07:23:26,473 INFO [stdout] (Extension-Thread-1) trigger seeding of SecureRandom
2013-07-30 07:23:26,473 INFO [stdout] (Extension-Thread-1) done seeding SecureRandom
2013-07-30 07:23:26,473 INFO [stdout] (Extension-Thread-1) trigger seeding of SecureRandom
2013-07-30 07:23:26,473 INFO [stdout] (Extension-Thread-1) done seeding SecureRandom
2013-07-30 07:23:26,475 INFO [org.mobicents.tools.sip.balancer.SIPBalancerForwarder] (Extension-Thread-1) SIP [EXTERNAL_SIP_TLS] bound to 192.168.9.141:5061
2013-07-30 07:23:26,476 INFO [org.mobicents.tools.sip.balancer.SIPBalancerForwarder] (Extension-Thread-1) No Internal Connectors configured
2013-07-30 07:26:02,436 INFO [stdout] (New I/O server boss #6) Using SSLEngineImpl.
2013-07-30 07:26:02,437 INFO [stdout] (New I/O server boss #6) Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
2013-07-30 07:26:02,437 INFO [stdout] (New I/O server boss #6) Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
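To confirm that the debug option took effect, the following Python script parses server.log lines in the layout shown above, counts the [stdout] lines that carry the debug output, and lists the cipher suites the JVM reported as unavailable. It is an added example, not part of the original article or of the product; the function name summarize_tls_debug is hypothetical and the sample lines are copied from the excerpt above.

```python
import re
from collections import Counter

# Layout of the server.log lines shown above:
#   date time,millis LEVEL [category] (thread) message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>[A-Z]+)\s+"
    r"\[(?P<category>[^\]]+)\]\s+\((?P<thread>[^)]*)\)\s+(?P<msg>.*)$"
)
IGNORED_RE = re.compile(r"^Ignoring unavailable cipher suite: (?P<suite>\S+)$")

def summarize_tls_debug(lines):
    """Summarize the [stdout] debug lines found in server.log lines."""
    summary = {"stdout_lines": 0, "ignored_suites": [],
               "threads": Counter(), "unparsed": 0}
    for raw in lines:
        line = raw.rstrip("\n")
        m = LINE_RE.match(line)
        if m is None:
            # Continuation lines (e.g. multi-line dumps) carry no prefix.
            summary["unparsed"] += 1
            continue
        # In the excerpt above the SSL/TLS debug output appears under
        # the [stdout] category; other categories are skipped.
        if m["category"] != "stdout":
            continue
        summary["stdout_lines"] += 1
        summary["threads"][m["thread"]] += 1
        ignored = IGNORED_RE.match(m["msg"])
        if ignored and ignored["suite"] not in summary["ignored_suites"]:
            summary["ignored_suites"].append(ignored["suite"])
    return summary

# Sample input: lines copied from the excerpt above (illustration only).
SAMPLE_LOG = """\
2013-07-30 07:23:26,473 INFO [stdout] (Extension-Thread-1) trigger seeding of SecureRandom
2013-07-30 07:23:26,473 INFO [stdout] (Extension-Thread-1) done seeding SecureRandom
2013-07-30 07:23:26,475 INFO [org.mobicents.tools.sip.balancer.SIPBalancerForwarder] (Extension-Thread-1) SIP [EXTERNAL_SIP_TLS] bound to 192.168.9.141:5061
2013-07-30 07:26:02,436 INFO [stdout] (New I/O server boss #6) Using SSLEngineImpl.
2013-07-30 07:26:02,437 INFO [stdout] (New I/O server boss #6) Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
2013-07-30 07:26:02,437 INFO [stdout] (New I/O server boss #6) Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
"""

if __name__ == "__main__":
    result = summarize_tls_debug(SAMPLE_LOG.splitlines())
    print("stdout debug lines:", result["stdout_lines"])
    print("unavailable cipher suites:", ", ".join(result["ignored_suites"]))
```

A result with zero [stdout] lines after the restart suggests the JVM option was not applied to that server configuration.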