How to Enable Debug Logging for SSL Errors in Mart? (4346468)

Description:

How to Enable Debug Logging for SSL Errors in Mart?

Solution:

To enable debug logging, please update Catalina.bat:

1- Make a backup of C:\Program Files\erwin\MartServer2019r1\Tomcat64\bin\catalina.bat

2- Add the following to the top of the file:

rem ---------------------------------------------------------------------------

setlocal

set CATALINA_OPTS=-Djavax.net.debug=ssl,handshake %CATALINA_OPTS%

 rem Suppress Terminate batch job on CTRL+C

Redirect this output to a log file by start Mart in the manner below:

1- Stop the Mart Service

2- Open a command prompt as administrator

3- Navigate to the Mart bin directory. For example:

      cd C:\Program Files\erwin\MartServer2019r1\Tomcat64\bin

4- Start Mart using the following command:

        catalina.bat run > debug.txt 2>&1

5- This starts Mart (so please do not start the service). Then reproduce the problem being worked on.

6- Once reproduced, in the command prompt hit ctrl + c to stop Tomcat.

7- Get a copy of the created debug.txt (in C:\Program Files\erwin\MartServer2019r1\Tomcat64\bin) 

Results:

                -Full details of SSL handshakes with Mart should not be logged

                -This will be quite verbose, so expect a large log file (100+ MBs)

 Example:

  javax.net.ssl|DEBUG|29|https-openssl-nio-18170-exec-7|2020-01-14 17:49:06.694 EST|null:-1|Produced ClientHello handshake message (

"ClientHello": {

  "client version"      : "TLSv1.2",

  "random"              : "BE 80 55 70 B1 4E DE 47 73 69 99 ED 05 FF 55 3E 61 D5 85 47 34 1B 5A 86 3D 1A 54 86 33 CA 7A B3",

  "session id"          : "06 E6 8B C4 45 BF 2D 58 FB F3 3D 86 FF CF FD F0 EF 2D 2E 69 C7 25 EE E4 57 DE 1C E5 D3 E8 4F FE",

  "cipher suites"       : "[TLS_AES_128_GCM_SHA256(0x1301), TLS_AES_256_GCM_SHA384(0x1302), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",

….