Topic: How to display SSL/TLS errors in log files?
jack01



Joined: 28 Feb 2014
Posts: 27

Posted: Fri 28 Feb '14 14:55    Post subject: How to display SSL/TLS errors in log files?

Hi,
I have installed Apache httpd and set up an SSL/TLS connection. SSL/TLS is working without a problem. I can clearly see the httpS address in the browser.

What I have found out is that if the browser gets an SSL/TLS error, such as trying to establish an SSL/TLS connection with an old protocol so that the web server refuses the connection, there is no error recorded in the SSL/TLS log. I would like every SSL/TLS attempt with an error to be recorded in the ssl_error.log file. How do I define settings in the Apache config files to enable SSL/TLS error logging?

Details:
In the Apache httpd httpd.conf there is this setting:
Code:
ErrorLog "logs/error.log"
LogLevel warn


In extra/httpd-ssl.conf there are settings:
Code:
SSLProtocol -ALL +TLSv1.2

and inside <VirtualHost _default_:443> there is this setting:
Code:
ErrorLog "C:/Programs/Apache/Apache24/logs/ssl_error.log"


I restarted Apache httpd and an empty file ssl_error.log was created in the path specified above.

In the Firefox address bar I typed about:config and changed the setting security.tls.version.max to 1.
This setting sets the maximum SSL/TLS protocol to 1.0.

Now I would like to produce an SSL/TLS error. In Firefox I typed in the URL of my web server and got the error:
"Peer reports incompatible or unsupported protocol version. (Error code: ssl_error_protocol_version_alert)"
This error is expected: the browser tries to connect to the web server with the TLSv1.0 protocol, but the web server's SSLProtocol directive does not allow TLSv1.0. So the error is expected.

So far everything works as expected. Now I expect to see an error in the SSL error log C:/Programs/Apache/Apache24/logs/ssl_error.log, but the file is still empty.

What settings should I check to get SSL/TLS errors in ssl_error.log file?

My software:
- Apache httpd 2.4.27 from Apache Lounge installed on Windows 2008 R2 on Intel server
- Firefox 27.0.1 on my notebook
Thanks
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

Posted: Fri 07 Mar '14 16:39    Post subject:

First you should enable debug mode for the error log:

Code:
<IfModule mod_ssl.c>
    ErrorLog /var/log/apache2/ssl_engine.log
    LogLevel debug
</IfModule>


For more info see http://wiki.apache.org/httpd/DebuggingSSLProblems

If you still have a question, please ask again.
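
An added example, not part of either post above: the question's configuration with the log level raised only for mod_ssl, using the per-module `LogLevel` syntax of Apache httpd 2.4, so the TLS virtual host records handshake failures without switching the whole server to debug. It assumes that mod_ssl reports a rejected handshake at `info` level; the file names and paths are the ones quoted in the question.

```apache
# httpd.conf (global scope): unchanged from the question.
# With only "warn" in effect, messages that mod_ssl writes at info level
# (assumed here to include refused handshakes) never reach any error log.
ErrorLog "logs/error.log"
LogLevel warn

# extra/httpd-ssl.conf
SSLProtocol -ALL +TLSv1.2

<VirtualHost _default_:443>
    # (certificate and other SSL directives stay as they are)
    ErrorLog "C:/Programs/Apache/Apache24/logs/ssl_error.log"

    # Before: no LogLevel here, so the virtual host inherits "warn"
    # and ssl_error.log stays empty when a handshake is refused.
    #
    # After: keep every module at warn, raise mod_ssl alone to info.
    LogLevel warn ssl:info

    # If a refused handshake still leaves no line, step mod_ssl up
    # further while testing, then return to ssl:info afterwards:
    # LogLevel warn ssl:debug
</VirtualHost>
```

Check the syntax with `httpd -t`, restart, and repeat the Firefox test with security.tls.version.max set to 1. A handshake that fails before a name-based virtual host is selected is logged against the first virtual host defined for that address and port, so look in that host's ErrorLog when several hosts share port 443.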