Salesforce

How to enable SSL debugging in OpenEdge?

Printable View
« Go Back

Information

 
TitleHow to enable SSL debugging in OpenEdge?
URL NameP121819
Article Number000148028
EnvironmentProduct: OpenEdge
Version 10.x, 11.x, 12.x
OS: All supported platforms
Question/Problem Description
How to enable SSL debugging in Progress OpenEdge?
How to enable SSL debugging in WebSpeed?
SSL Troubleshooting with debug logging
How to generate debug log files for SSL?
How to get more debug information for OpenEdge SSL connections?
How to enable debug logging for SSL client/server connections.
Can debugging information be gathered from SSL connections between client and server?
Is there a way to obtain debug information for SSL connections?
Steps to Reproduce
Clarifying Information
Error Message
Defect Number
Enhancement Number
Cause
Resolution
To turn on SSL debug logging, set the SSLSYS_DEBUG_LOGGING environment variable to a value from 1 to 5.
  • SSLSYS_DEBUG_LOGGING must be set before the Progress processes are started for them to pick this up.
  • It cannot be turned off and recognized by the processes until the process is shutdown, the variable removed, and the processes restarted.
  • A SSL debug log file (cert.server.log for server or cert.client.log for client) will be generated in the working directory ($WRKDIR) when a connection is established (for example, by the CONNECT() method in ABL code).
  • If $WRKDIR can not be determined, the log file will be written to the /tmp directory on UNIX or C:\TMP on Windows if C:\TMP exists.
  • Examples: The value for "x" is set from 1 to 5 depending on the level of logging required:
UNIX:
SSLSYS_DEBUG_LOGGING=x;export SSLSYS_DEBUG_LOGGING

Windows:
set SSLSYS_DEBUG_LOGGING=x

SSLSYS_DEBUG_LOGGING settings:

The following is a list of the possible values for SSLSYS_DEBUG_LOGGING and what they yield:
  • SSLSYS_DEBUG_LOGGING=1, logs only errors
  • SSLSYS_DEBUG_LOGGING=2, as 1 above and progress internal ssl messages
  • SSLSYS_DEBUG_LOGGING=3, as 2 above plus rsa state information
  • SSLSYS_DEBUG_LOGGING=4, as 3 above plus rsa buffer information
  • SSLSYS_DEBUG_LOGGING=5, as 4 above plus rsa buffer dumps
WARNING:  setting to SSLSYS_DEBUG_LOGGING to level 5 will produce tremendous amounts of log information and reduce system performance.


To enable SSL debug logging for WebSpeed:

Set the SSLSYS_DEBUG_LOGGING environment variable in the Environment section of the corresponding WebSpeed Broker. This will add SSL debugging information to the Server log file.


To enable SSL debug logging for an SSL-enabled AppServer instance:
  • Set brkrLoggingLevel to 4 or greater in the ubroker.properties file.
  • And add  ,Ubroker.SSL to the brkrLogEntryTypes (the comma is necessary):
[UBroker.AS.asbroker1]
brkrLoggingLevel=4
brkrLogEntryTypes=,Ubroker.SSL
  • For additional information, enabling the following jvmArgs at Broker level will generate a separate log file for the SSL layer (for broker).
[UBroker.AS.asbroker1]
...
jvmArgs=-Djavax.net.debug=all -Dcom.rsa.jsse.logFile=<complete path of the log file> 

For example:

jvmArgs=-Djavax.net.debug=all -Dcom.rsa.jsse.logFile=C:\OE\wrk\broker_ssl.log


To enable SSL debug logging when using the AppServer as a client (e.g. the AppServer calls an external web service):
  • Set the environment variable for your AppServer instance. For example in the ubroker.properties it would look like the following:
[Environment.asbroker1]
SSLSYS_DEBUG_LOGGING=5
  • Restart the AppServer for the changes to take effect.

On some platforms, the variable might still have to be set at the OS level.

SSLSYS_DEBUG_LOGGING=5;export SSLSYS_DEBUG_LOGGING
 

To enable logging SSL messages for PASOE:

Workaround
Notes



Keyword Phrase
Last Modified Date7/10/2025 4:38 PM
Powered by