Enable DEBUG logging for SSL Handshake

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

When Confluence refuses or drops an SSL/TLS connection coming from a remote server or client, the first stop to investigate is whether the SSL Handshake is happening between the source and the destination.

The only way to understand what is happening during the SSL Handshake is to get more information on the underlying mechanism.

For Reference:

RFC 5246 - The Transport Layer Security (TLS) Protocol

Oracle - Debugging SSL/TLS Connections

Solution

The solution here is to enable DEBUG logging for SSL Handshake to understand why Confluence server dropped that connection:

  • Stop Confluence server

  • Add a JVM Argument

    • Modify the file setenv.sh or setenv.bat found in <confluence-install>/bin

    • Add the argument to CATALINA_OPTS

      1 CATALINA_OPTS="-Djavax.net.debug=ssl:handshake:verbose ${CATALINA_OPTS}"

    ⚠️ Note that this will insert a large amount of messages in the log file. Make sure to disable it once you are done with the investigation.

  • Start Confluence

  • The logs can been found in <install directory>/logs/catalina.out

Updated on April 2, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community