POP3DebugSSL

Parameter: POP3DebugSSL
Short description: Enables SSL/TLS debug logging for the Domino POP3 task. Used to diagnose STARTTLS/TLS handshake and certificate issues on POP3S and STARTTLS connections.

Profile

Parameter: POP3DebugSSL
Component: Server (POP3 task)
Category: Logging / Debug
Available since: 9.0.x (per KB0029557)
Default: 0 (disabled)
Values: 0 = off, 1 = on
Prerequisite for visibility: Console log must be active

Description

POP3DebugSSL is the POP3 counterpart to SMTPDebugSSL and IMAPDebugSSL. When set to 1, for every incoming or outgoing SSL/TLS session the POP3 task writes TLS-specific diagnostic entries to the Domino log. This includes:
  • The STARTTLS command and the peer's response (when STARTTLS is negotiated explicitly),
  • Direct TLS negotiation on the POP3S port (typically 995/TCP),
  • The negotiated TLS protocol version and cipher suite,
  • Certificate verification (trust, expiry, site certificate),
  • Handshake phases and any error codes from the SSL layer.

Examples

POP3DebugSSL=1
Dynamically at runtime:
set config POP3DebugSSL=1
tell pop3 quit
load pop3
Disable:
set config POP3DebugSSL=0
tell pop3 quit
load pop3

Notes

  • Enable the console log — KB0029557 explicitly notes: "The console log must be enabled to view output from the above debugging parameters."
  • Spelling — In HCL KB0029557 the parameter is written POP3Debugssl=1, with a lowercase "ssl"; since notes.ini is case-insensitive, both variants work the same.
  • Companion parameters
    • SMTPDebugSSL=1 for the SMTP task,
    • IMAPDebugSSL=1 for the IMAP task,
    • DEBUG_SSL_HANDSHAKE=2/DEBUG_SSL_CIPHERS=2 as a generic counterpart for all TLS-capable Domino tasks (HCL Wiki, Daniel Nashed).
  • Performance — Under heavy POP3 load, the logging produces a lot of output; only enable during diagnostic reproduction.
  • Privacy — Mail body and content are not captured (POP3DebugSSL is restricted to the TLS layer). Connection metadata (addresses, certificate subjects) may, however, be personally identifiable.
  • Counterpart at the content level — To log the POP3 protocol exchange or raw bytes, use the server console (tell pop3 debug ...) or domain-specific debug switches.
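
An added example, not taken from HCL documentation or from this page's sources: a small Python check that scans notes.ini text for the TLS debug switches named above that are still enabled, matching names case-insensitively, and flags the case where the console log is not turned on. The setting name Console_Log_Enabled, the function names and the sample notes.ini content are assumptions made for this example.

```python
"""Audit notes.ini text for TLS debug switches left enabled (added example)."""

# Parameters named on this page; notes.ini names are compared case-insensitively.
TLS_DEBUG_PARAMS = {"pop3debugssl", "smtpdebugssl", "imapdebugssl",
                    "debug_ssl_handshake", "debug_ssl_ciphers"}
# Assumption (not from this page): the notes.ini setting that enables the console log.
CONSOLE_LOG_PARAM = "console_log_enabled"


def parse_notes_ini(text):
    """Return [(line_no, name, value)] for every Name=Value line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if "=" not in line:  # skips blank lines and the [Notes] header
            continue
        name, value = line.split("=", 1)
        entries.append((line_no, name.strip(), value.strip()))
    return entries


def audit(text):
    """Report enabled TLS debug switches and whether their output is visible."""
    entries = parse_notes_ini(text)
    enabled = [(n, name, value) for n, name, value in entries
               if name.lower() in TLS_DEBUG_PARAMS and value not in ("", "0")]
    console_log = any(name.lower() == CONSOLE_LOG_PARAM and value == "1"
                      for _, name, value in entries)
    findings = [f"line {n}: {name}={value} is enabled; disable after diagnosis"
                for n, name, value in enabled]
    if enabled and not console_log:
        findings.append("console log not enabled: debug output will not be visible")
    return findings


# Constructed sample input, not taken from a real server.
SAMPLE = """[Notes]
ServerTasks=Update,Replica,Router,POP3
POP3Debugssl=1
SMTPDebugSSL=0
DEBUG_SSL_HANDSHAKE=2
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Every occurrence of a switch is reported with its line number, so a duplicate entry that re-enables debugging further down the file is not missed.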

Sources (HCL Product Documentation)