Enable DEBUG logging for SSL Handshake
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Purpose
When Confluence refuses or drops an SSL/TLS connection coming from a remote server or client, the first stop to investigate is whether the SSL Handshake is happening between the source and the destination.
The only way to understand what is happening during the SSL Handshake is to get more information on the underlying mechanism.
For Reference:
RFC 5246 - The Transport Layer Security (TLS) Protocol
Oracle - Debugging SSL/TLS Connections
Solution
The solution here is to enable DEBUG logging for SSL Handshake to understand why Confluence server dropped that connection:
- Stop Confluence server
- Add a JVM Argument
- Modify the file setenv.sh or setenv.bat found in <confluence-install>/bin
Add the argument to CATALINA_OPTS
CATALINA_OPTS="-Djavax.net.debug=ssl:handshake:verbose ${CATALINA_OPTS}"
Note that this will insert a large amount of messages in the log file. Make sure to disable it once you are done with the investigation.
Start Confluence
- The logs can been found in <install directory>/logs/catalina.out