To enable TLS/SSL trace in the SAP Cloud Connector perform following steps:
- stop SAP Cloud Connector service
- open <drive>:\sap\scc20\props.ini file with a text editor
- add JVM parameter -Djavax.net.debug=ssl:handshake to the end of #options section (version >= 2.13.0)
props.ini
#options -XX:+HeapDumpOnOutOfMemoryError -XX:+DisableExplicitGC -Xms1024m -Xmx1024m -XX:MaxNewSize=512m -XX:NewSize=512m -XX:+UseConcMarkSweepGC -XX:TargetSurvivorRatio=85 -XX:SurvivorRatio=6 -XX:MaxDirectMemorySize=2G -Dpath.to.runtime.installation.folder=CATALINA_HOME -Dserver.config.home=CATALINA_HOME -Dcom.sap.cloud.runtime.kotyo.standalone=true -Dclassloading.bridge.accepted.callers=com.sap.cloud.runtime.kotyo.tomcat.support.DelegatingObjectFactory,com.sap.cloud.runtime.kotyo.lifecycle.InternalComponentLifecycleManager,com.sap.js.statistics.lifecycle.StatisticsLifecycle,com.sap.cloud.runtime.tomcat.log.corrid.CorrelationIdValve -Dorg.apache.tomcat.util.digester.PROPERTY_SOURCE=com.sap.scc.tomcat.utils.PropertyDigester -Djava.awt.headless=true -Dio.netty.recycler.maxCapacity.default=256 -Djava.library.path=lib/native -Djava.util.logging.manager=java.util.logging.LogManager -Djavax.net.debug=ssl:handshake
- add JVM parameter -Djavax.net.debug=ssl to the end of #jvm section (version < 2.13.0)
props.ini
#jvm -XX:+HeapDumpOnOutOfMemoryError -XX:+DisableExplicitGC -Xms1024m -Xmx1024m -XX:MaxNewSize=512m -XX:NewSize=512m -XX:+UseConcMarkSweepGC -XX:TargetSurvivorRatio=85 -XX:SurvivorRatio=6 -XX:MaxDirectMemorySize=2G -Dorg.apache.tomcat.util.digester.PROPERTY_SOURCE=com.sap.scc.tomcat.utils.PropertyDigester -Dosgi.requiredJavaVersion=1.6 -Dosgi.install.area=. -DuseNaming=osgi -Dorg.eclipse.equinox.simpleconfigurator.exclusiveInstallation=false -Dcom.sap.core.process=ljs_node -Declipse.ignoreApp=true -Dosgi.noShutdown=true -Dosgi.framework.activeThreadType=normal -Dosgi.embedded.cleanupOnSave=true -Dosgi.usesLimit=30 -Djava.awt.headless=true -Dio.netty.recycler.maxCapacity.default=256 -Djavax.net.debug=ssl
- start SAP Cloud Connector service
- the TLS/SSL trace will be collected in <drive>:\sap\scc20\log\ljs_trace.log file
- when TLS/SSL tracing is finished, stop SAP Cloud Connector service
- remove the -Djavax.net.debug=ssl / -Djavax.net.debug=ssl:handshake JVM parameter from the props.ini file.
Ensure that JVM parameter is added to a new line otherwise, it has no effect on tracing like in this case:
props.ini
... -Djava.awt.headless=true -Dio.netty.recycler.maxCapacity.default=256-Djavax.net.debug=ssl
Since SAP Cloud Connector 2.12.2 the TLS trace can be enabled from the Cloud Connector UI:
It needs a cloud connector restart.