The SSL output in the HTTP and SSL Debug Viewer includes a summary of the events that took place during the handshake process. When diagnosing an SSL problem, start by reviewing the handshake summary.
Note: This topic assumes a basic understanding of SSL or its successor, TLS.
The following graphic shows an example of the summary.
The first line displays the thread name.
The second line indicates whether the SSL debug log that the viewer uses is functioning as a client or a server. If a session has resumed, the second line also displays a corresponding message.
The remaining lines show the steps of the handshake process.
All of the possible steps appear in the summary, even steps that are optional in the handshake protocol. In the optional steps, a symbol appears to the right of the step number. The optional steps that are related to each other are shown with different sets of symbols. For example, an asterisk is used for step 3 and step 5, both of which pertain to the server certificate.
Each step has one of the following statuses:
Each step includes a brief description of an action that the client or server performed. For example, the first step shows the client sending a hello message to the server. If the action involves a message being sent, a left or right arrow illustrates the direction of the message flow. If the action does not involve a message being sent, a downward-facing arrow appears.
If an SSL problem occurs, the summary provides guidance to help you determine what went wrong. The following example shows the output that appears when a test step attempts to make an https request to a non-SSL port.
SEND TLSv1 ALERT: fatal, description = handshake_failure javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake Ensure that the server is secure (connecting to insecure server over SSL) and that you are connecting to the correct port
Copyright © 2014 CA Technologies.
All rights reserved.
|
|