Skip to end of metadata
Go to start of metadata

To enable TLS/SSL trace in the SAP Cloud Connector perform following steps:

  • stop SAP Cloud Connector service
  • open <drive>:\sap\scc20\props.ini file with a text editor
  • add JVM parameter -Djavax.net.debug=ssl:handshake  to the end of #options section (version >= 2.13.0)
props.ini
#options

-XX:+HeapDumpOnOutOfMemoryError
-XX:+DisableExplicitGC
-Xms1024m
-Xmx1024m
-XX:MaxNewSize=512m
-XX:NewSize=512m
-XX:+UseConcMarkSweepGC
-XX:TargetSurvivorRatio=85
-XX:SurvivorRatio=6
-XX:MaxDirectMemorySize=2G
-Dpath.to.runtime.installation.folder=CATALINA_HOME
-Dserver.config.home=CATALINA_HOME
-Dcom.sap.cloud.runtime.kotyo.standalone=true
-Dclassloading.bridge.accepted.callers=com.sap.cloud.runtime.kotyo.tomcat.support.DelegatingObjectFactory,com.sap.cloud.runtime.kotyo.lifecycle.InternalComponentLifecycleManager,com.sap.js.statistics.lifecycle.StatisticsLifecycle,com.sap.cloud.runtime.tomcat.log.corrid.CorrelationIdValve
-Dorg.apache.tomcat.util.digester.PROPERTY_SOURCE=com.sap.scc.tomcat.utils.PropertyDigester
-Djava.awt.headless=true
-Dio.netty.recycler.maxCapacity.default=256
-Djava.library.path=lib/native
-Djava.util.logging.manager=java.util.logging.LogManager
-Djavax.net.debug=ssl:handshake
  • add JVM parameter -Djavax.net.debug=ssl  to the end of #jvm section (version < 2.13.0)


props.ini
#jvm
-XX:+HeapDumpOnOutOfMemoryError 
-XX:+DisableExplicitGC 
-Xms1024m 
-Xmx1024m 
-XX:MaxNewSize=512m 
-XX:NewSize=512m 
-XX:+UseConcMarkSweepGC 
-XX:TargetSurvivorRatio=85 
-XX:SurvivorRatio=6 
-XX:MaxDirectMemorySize=2G 
-Dorg.apache.tomcat.util.digester.PROPERTY_SOURCE=com.sap.scc.tomcat.utils.PropertyDigester 
-Dosgi.requiredJavaVersion=1.6 
-Dosgi.install.area=. 
-DuseNaming=osgi 
-Dorg.eclipse.equinox.simpleconfigurator.exclusiveInstallation=false 
-Dcom.sap.core.process=ljs_node -Declipse.ignoreApp=true 
-Dosgi.noShutdown=true -Dosgi.framework.activeThreadType=normal 
-Dosgi.embedded.cleanupOnSave=true 
-Dosgi.usesLimit=30 
-Djava.awt.headless=true 
-Dio.netty.recycler.maxCapacity.default=256
-Djavax.net.debug=ssl
  • start SAP Cloud Connector service
  • the TLS/SSL trace will be collected in <drive>:\sap\scc20\log\ljs_trace.log file
  • when TLS/SSL tracing is finished, stop SAP Cloud Connector service
  • remove the -Djavax.net.debug=ssl  -Djavax.net.debug=ssl:handshake JVM parameter from the props.ini file.

Ensure that JVM parameter is added to a new line otherwise, it has no effect on tracing like in this case:

props.ini
...
-Djava.awt.headless=true 
-Dio.netty.recycler.maxCapacity.default=256-Djavax.net.debug=ssl


Since SAP Cloud Connector 2.12.2 the TLS trace can be enabled from the Cloud Connector UI:

It needs a cloud connector restart.



  • No labels