SSL Handshake Summary
The SSL output in the includes a summary of the events that took place during the handshake process. When diagnosing an SSL problem, start by reviewing the handshake summary.
The SSL output in the HTTP and SSL Debug Viewer includes a summary of the events that took place during the handshake process. When diagnosing an SSL problem, start by reviewing the handshake summary.
This page assumes a basic understanding of SSL or its successor, TLS.
The following graphic shows an example of the summary.
The first line displays the thread name.
The second line indicates whether the SSL debug log that the viewer uses is functioning as a client or a server. If a session has resumed, the second line also displays a corresponding message.
The remaining lines show the steps of the handshake process.
All of the possible steps appear in the summary, even steps that are optional in the handshake protocol. In the optional steps, a symbol appears to the right of the step number. The optional steps that are related to each other are shown with different sets of symbols. For example, an asterisk is used for step 3 and step 5, both of which pertain to the server certificate.
Each step has one of the following statuses:
- RUN: The step was performed.
- SKIPPED: The step was not performed.
- ASSUMED: The step was assumed to have been performed, based on other events that occurred.
- UNKNOWN: The initial status of all steps. If the status did not change, the step was most likely not performed.
Each step includes a brief description of an action that the client or server performed. For example, the first step shows the client sending a hello message to the server. If the action involves a message being sent, a left or right arrow illustrates the direction of the message flow. If the action does not involve a message being sent, a downward-facing arrow appears.
If an SSL problem occurs, the summary provides guidance to help you determine what went wrong. The following example shows the output that appears when a test step attempts to make an https request to a non-SSL port.
SEND TLSv1 ALERT: fatal, description = handshake_failurejavax.net.ssl.SSLHandshakeException: Remote host closed connection during handshakeEnsure that the server is secure (connecting to insecure server over SSL) and that you are connecting to the correct port