Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2580
Views
0
Helpful
2
Replies

TLS Negotiation Logs

kishorsawant1988
Level 1
Level 1

‎04-01-2015 09:41 AM

I need TLS negotiation logs for specific email communication.

 

I checked "mail_log" file but the I could see only single line for TLS communication (ICID XXXX TLS success protocol TLSv1 cipher DHE-RSA-AES256-SHA)

 

I want detailed negotiation logs to check the reason for TLS communication failure.

 

Please let me know how to get it from GUI or any CLI command.

Labels:
0 Helpful
2 Replies 2

Ken Stieers
VIP
VIP

‎04-01-2015 09:59 AM

You'll want to turn on the SMTP conversation logs.

Go to System Administration/Log subscriptions

Add a new log subscription, select SMTP Conversation Logs for the log type, give it a name log name, (that becomes the directory name) and a file name.

Set it to debug...

 

do your testing...

 

Delete it when you're done... SMTP Conversation logs get BIG, and they get there FAST, so you don't want to leave this one out there unless you need it.

 

0 Helpful

Mathew Huynh
Cisco Employee
Cisco Employee

‎04-01-2015 06:27 PM

Hello,


Typically when TLS fails on the mail_logs you'll see strings like "TLS failed:" with some form of reasoning for further troubleshooting

 

TLS connection limit exceeded

TLS was required but could not be successfully negotiated

 

And some other errors that can occur.

 

Regards,

Matthew

0 Helpful
Customers Also Viewed These Support Documents