SXI Forum

A place to collect usefull tips, tricks and implementation strategies.

You are not logged in.

Pages: 1

#1 22-04-2022 21:49:44

StephanB
Member
Registered: 21-11-2018
Posts: 39

Debugging SSL Connections with X-Service Broker

Debugging SSL Connections problems with X-Service Broker can sometimes be difficult, especially when it is not clear what messages are actually being sent and received.

The X-Service Broker has a built-in debug facility and is activated by changing VM options in the X-ServiceBroker.vmoptions file located in the X:\SXI\X-ServiceBroker\bin folder.
The file looks like this:

# Enter one VM parameter per line
# For example, to adjust the maximum memory usage to 512 MB, uncomment the following line:
# To include another file, uncomment the following line:
# -include-options [path to other .vmoption file]

By add in "-Djavax.net.debug=ssl:handshake:keymanager:trustmanager:plaintext" to the file we can be able to see what messages are actually being sent and received in the X-ServiceBroker.StdOut_nnnnnnnn.log file located the this folder $\SXI\X-ServiceBroker\logs
Please take note the log file size will grow very fast when using the debugging op in the VM options file.

Here is how to Read the Debug output log file.

To turn on SSL/TSL debugging in X-ServiceBroker.vmoptions file use this -Djavax.net.debug:ssl 
The following parameters can be used with SSL/TLS Debugging:

record			"Enable per-record tracing"
handshake		"Print each handshake message"
keygen			"Print key generation data"
session			"Print session activity"
defaultctx		"Print default SSL initialization"
sslctx			"Print SSL Context tracing"
sessioncache		"Print session cache tracing"
keymanager		"Print key manager tracing"
trustmanagerprint	"Trust manager tracing"
pluggability		"Print pluggability tracing"

Handshake debugging can be widened with:

data		"hex dump of each handshake message"
verbose		"verbose handshake message printing"

Record debugging can be widened with:

plaintext	"hex dump of record plaintext"
packet		"print raw SSL packets"

The Debugging SSL Connections parameters can be used as following to display specific levels of detail in the log file. :

-Djavax.net.debug=ssl:record

or 

-Djavax.net.debug=ssl:handshake

Here is an example to specify more than one option in X-ServiceBroker.vmoptions file. :  

-Djavax.net.debug=ssl:keymanager:record

Offline

Pages: 1

Board footer

Powered by FluxBB