You'll want to turn on the

kishorsawant1988 · ‎04-01-2015

I need TLS negotiation logs for specific email communication.

I checked "mail_log" file but the I could see only single line for TLS communication (ICID XXXX TLS success protocol TLSv1 cipher DHE-RSA-AES256-SHA)

I want detailed negotiation logs to check the reason for TLS communication failure.

Please let me know how to get it from GUI or any CLI command.

Ken Stieers · ‎04-01-2015

You'll want to turn on the SMTP conversation logs.

Go to System Administration/Log subscriptions

Add a new log subscription, select SMTP Conversation Logs for the log type, give it a name log name, (that becomes the directory name) and a file name.

Set it to debug...

do your testing...

Delete it when you're done... SMTP Conversation logs get BIG, and they get there FAST, so you don't want to leave this one out there unless you need it.

Mathew Huynh · ‎04-01-2015

Hello,

Typically when TLS fails on the mail_logs you'll see strings like "TLS failed:" with some form of reasoning for further troubleshooting

TLS connection limit exceeded

TLS was required but could not be successfully negotiated

And some other errors that can occur.

Regards,

Matthew

TLS Negotiation Logs

Firewall: ASA Failover，FTD HA の 'Negotiation' ステータスについて

TLS Negotiation Failure

Flexconnect AP にて EAP-TLS 認証が失敗する問題

CISCO ISE EAP-TLS AUTHENTICATION

AnyConnect DTLS vs TLS