Use the debugging support that is built into the server to obtain more information without a restart.
  1. To enable the debug log publisher, make the following configuration changes.
    dsconfig create-debug-target \
         --publisher-name "File-Based Debug Logger" \
         --target-name com.unboundid.directory.server.extensions.TLSConnectionSecurityProvider \
         --set debug-level:verbose
     
    dsconfig set-log-publisher-prop \
         --publisher-name "File-Based Debug Logger" \
         --set enabled:true
    
    After you make these changes, the logs/debug file captures a substantial amount of information about the TLS-related processing that the server is performing. Although this file does not provide as much detail as the JVM's built-in debugging information, it might help to pinpoint the cause of the problem and to identify potential solutions.
  2. When you no longer require this level of debugging, disable the debug log publisher and remove the debug target.
    dsconfig set-log-publisher-prop \
         --publisher-name "File-Based Debug Logger" \
         --set enabled:false
     
    dsconfig delete-debug-target \
         --publisher-name "File-Based Debug Logger" \
         --target-name com.unboundid.directory.server.extensions.TLSConnectionSecurityProvider
    
    Tip:

    If you need to troubleshoot TLS communication with a non-Java client that does not offer its own TLS debugging mechanism, and the server-side debugging support is insufficient, use a network protocol analyzer to capture and examine the communication between the client and the server. The free, open-source Wireshark utility is a graphical tool that runs on a variety of platforms and provides excellent support for understanding TLS communication. Even if you cannot decipher the encrypted content, you can view at least some of the handshake messages. Unfortunately, more of the handshake is encrypted in TLS 1.3 than in earlier versions of the protocol. Although this change improves security and privacy, it might interfere with troubleshooting attempts.
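The following added example (not part of the product documentation) shows which handshake messages remain readable in a capture by walking the TLS records in one direction of a reassembled TCP stream. The function names and the sample byte strings are constructed for illustration; in practice the input would be the raw bytes of one direction of the conversation exported from the capture tool.

```python
import struct

# Record content types and handshake message types (RFC 5246, RFC 8446).
CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 4: "new_session_ticket", 8: "encrypted_extensions",
             11: "certificate", 12: "server_key_exchange", 13: "certificate_request",
             14: "server_hello_done", 15: "certificate_verify", 16: "client_key_exchange", 20: "finished"}


def visible_messages(stream):
    """Label each TLS record in ONE direction of a reassembled TCP stream,
    naming the handshake messages that are still readable in cleartext."""
    labels, pending, offset, encrypted = [], b"", 0, False
    while offset + 5 <= len(stream):
        ctype, _legacy_version, length = struct.unpack_from("!BHH", stream, offset)
        body = stream[offset + 5:offset + 5 + length]
        offset += 5 + length
        if len(body) < length:
            labels.append("truncated record")
            break
        if ctype == 22 and not encrypted:
            pending += body  # messages may share one record or span several
            while len(pending) >= 4:
                msg_len = int.from_bytes(pending[1:4], "big")
                if len(pending) < 4 + msg_len:
                    break
                labels.append(HANDSHAKE.get(pending[0], f"handshake type {pending[0]}"))
                pending = pending[4 + msg_len:]
        elif ctype == 20:
            encrypted = True  # later handshake records in this direction are ciphertext
            labels.append(CONTENT[ctype])
        else:
            name = CONTENT.get(ctype, f"content type {ctype}")
            labels.append(name + (" (opaque)" if encrypted or ctype == 23 else ""))
    return labels


def record(ctype, body):
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body

def hs_msg(htype, body):
    return bytes([htype]) + len(body).to_bytes(3, "big") + body


# Constructed server-to-client flights; message bodies are filler bytes.
TLS12_SERVER = (record(22, hs_msg(2, bytes(40)) + hs_msg(11, bytes(90)) + hs_msg(14, b""))
                + record(20, b"\x01") + record(22, b"\xaa" * 40))
TLS13_SERVER = (record(22, hs_msg(2, bytes(90))) + record(20, b"\x01")
                + record(23, b"\xbb" * 600) + record(23, b"\xcc" * 70))
```

In the TLS 1.2 sample the certificate message is still named, while in the TLS 1.3 sample everything after the ServerHello appears only as opaque application_data records.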