Parameter: DEBUG_TLS
Short description: Detailed TLS handshake logging (certificate chain, cipher negotiation, alerts) – successor to DEBUG_SSL_ALL with the OpenSSL backend.
Profile
Parameter | DEBUG_TLS |
Category | Logging / Debug |
Component | Server |
Available since | 12.0 |
Supported versions | 12.0, 14.0, 14.5, 14.5.1 |
GUI equivalent | notes.ini only (no GUI) |
Possible values | 0 = off, 1 = handshake info, 2 = verbose (incl. key-material hints) |
Description
With the switch from the old GSKit library to OpenSSL, HCL introduced DEBUG_TLS as the central switch for TLS diagnosis. Level 1 shows, for each connection, the cipher selection, the negotiated protocol version, ALPN handshakes, and any alert codes; level 2 additionally writes hints about key material (but no clear-text keys).
Indispensable for certificate/cipher disputes between Domino and a reverse proxy, load balancer, or modern client.
Example configuration
DEBUG_TLS=1
Notes & pitfalls
- Set level 2 only temporarily – produces a lot of output.
- Complements DEBUG_CERTMGR, SSL_DISABLE_TLS_*, TLSCipherList.
- Output goes to the console / Debug_Outfile.
- Before tests, take a parallel wireshark capture – often saves repeated runs.
- The change takes effect immediately via set config reload or after restarting TLS-using tasks.
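A check for the pitfalls above, as an added example that is not part of the original page or of HCL's tooling: it reads notes.ini content and reports a DEBUG_TLS level left at 2, values outside 0 to 2, a missing Debug_Outfile, and which of the complementary parameters are present. Case-insensitive key matching, the duplicate report, the function names and the sample content are assumptions of this example.

```python
import re

# Parameter names and the levels 0/1/2 are taken from this page. Matching keys
# case-insensitively and reporting duplicates are choices of this example.
LEVELS = {"0": "off", "1": "handshake info", "2": "verbose (incl. key-material hints)"}
RELATED = re.compile(r"DEBUG_CERTMGR|TLSCIPHERLIST|SSL_DISABLE_TLS_.*")

def parse_ini(text):
    """Collect every key=value line as {UPPERCASE_KEY: [values in file order]}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") or "=" not in line:
            continue  # section header, blank line or anything without a value
        key, value = line.split("=", 1)
        entries.setdefault(key.strip().upper(), []).append(value.strip())
    return entries

def audit_debug_tls(text):
    """Return (code, detail) findings about DEBUG_TLS in notes.ini content."""
    entries = parse_ini(text)
    values = entries.get("DEBUG_TLS", [])
    if not values:
        return [("unset", "DEBUG_TLS is not present")]
    findings = []
    if len(values) > 1:
        findings.append(("duplicate", f"DEBUG_TLS appears {len(values)} times: {values}"))
    for value in dict.fromkeys(values):  # unique values, file order kept
        if value not in LEVELS:
            findings.append(("invalid", f"DEBUG_TLS={value} is not 0, 1 or 2"))
        elif value == "2":
            findings.append(("verbose", "DEBUG_TLS=2: set only temporarily, reset after the test"))
        elif value == "1":
            findings.append(("enabled", "DEBUG_TLS=1: handshake info is being logged"))
    if any(v in ("1", "2") for v in values) and "DEBUG_OUTFILE" not in entries:
        findings.append(("no_outfile", "Debug_Outfile is not set, output is not captured in a file"))
    for key, vals in entries.items():
        if RELATED.fullmatch(key):
            findings.append(("related", f"{key}={vals[-1]}"))
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE = "[Notes]\nDEBUG_TLS=2\ndebug_tls=1\nTLSCipherList=<placeholder>\n"

if __name__ == "__main__":
    for code, detail in audit_debug_tls(SAMPLE):
        print(f"{code:10} {detail}")
```
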