Topic: How to display SSL/TLS errors in log files?

jack01
Joined: 28 Feb 2014 Posts: 27
Posted: Fri 28 Feb '14 14:55 Post subject: How to display SSL/TLS errors in log files?
Hi,
I have installed Apache httpd and set up an SSL/TLS connection. SSL/TLS is working without a problem. I can clearly see the httpS address in the browser.
What I have found out is that if the browser gets some SSL/TLS error, like trying to establish an SSL/TLS connection with an old protocol and the web server refusing the connection, there is no error recorded in the SSL/TLS log. I would like every SSL/TLS attempt with an error to be recorded in the ssl_error.log file. How do I define settings in the Apache config files to enable SSL/TLS error logging?
Details:
In Apache httpd's httpd.conf there is the setting:
Code:
    ErrorLog "logs/error.log"
    LogLevel warn
In extra/httpd-ssl.conf there are the settings:
Code:
    SSLProtocol -ALL +TLSv1.2
and inside <VirtualHost _default_:443> is the setting:
Code:
    ErrorLog "C:/Programs/Apache/Apache24/logs/ssl_error.log"
I restarted Apache httpd and an empty file ssl_error.log was created in the path specified above.
In the Firefox address bar I typed in about:config and changed the setting security.tls.version.max to 1.
This setting sets the maximum SSL/TLS protocol to 1.0.
Now I would like to produce some SSL/TLS error. In Firefox I typed in the URL of my web server and got the error:
"Peer reports incompatible or unsupported protocol version. (Error code: ssl_error_protocol_version_alert)"
This error is expected: the browser tries to connect to the web server with the TLSv1.0 protocol, but the web server's SSLProtocol directive does not allow TLSv1.0. So the error is expected.
So far everything works as expected. Now I expect to see an error in the SSL error log C:/Programs/Apache/Apache24/logs/ssl_error.log, but the file is still empty.
What settings should I check to get SSL/TLS errors in ssl_error.log file?
My software:
- Apache httpd 2.4.27 from Apache Lounge installed on Windows 2008 R2 on Intel server
- Firefox 27.0.1 on my notebook
Thanks

James Blond Moderator
Joined: 19 Jan 2006 Posts: 7372 Location: Germany, Next to Hamburg
Posted: Fri 07 Mar '14 16:39 Post subject:
First you should enable debug mode for the error log:
Code:
    <IfModule mod_ssl.c>
    ErrorLog /var/log/apache2/ssl_engine.log
    LogLevel debug
    </IfModule>
For more info see http://wiki.apache.org/httpd/DebuggingSSLProblems
If you still have a question, please ask again.
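
An added example, not part of either post above: on Apache httpd 2.4 the log level can be raised for mod_ssl alone, so rejected handshakes reach ssl_error.log without turning on debug output for every module. The paths and directives are the ones quoted in the question; the per-module `ssl:info` syntax assumes Apache httpd 2.4.

```apache
# httpd.conf (server-wide), unchanged from the question
ErrorLog "logs/error.log"
LogLevel warn

# extra/httpd-ssl.conf
SSLProtocol -ALL +TLSv1.2

<VirtualHost _default_:443>
    # ... existing SSLEngine and certificate directives stay as they are ...

    ErrorLog "C:/Programs/Apache/Apache24/logs/ssl_error.log"

    # Keep every other module at warn, but let mod_ssl log at info.
    # mod_ssl writes failed handshakes (for example a client offering only
    # a protocol version that SSLProtocol rejects) at info level, so
    # "LogLevel warn" alone filters them out and the file stays empty.
    LogLevel warn ssl:info

    # While troubleshooting, raise mod_ssl alone to debug for a full
    # handshake trace instead of switching the whole server to
    # "LogLevel debug":
    # LogLevel warn ssl:debug
</VirtualHost>
```

After a restart, repeating the Firefox test from the question should produce mod_ssl handshake-error entries in ssl_error.log; return to `ssl:info` once debugging is finished, since debug output grows quickly on a busy server.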