Merge pull request #10584 from paulozulato/debug-ssl-handshake

feat: add log level configuration to ssl communication

apps/emqx/src/emqx_schema.erl

@@ -2287,6 +2287,17 @@ common_ssl_opts_schema(Defaults) ->
                     desc => ?DESC(common_ssl_opts_schema_secure_renegotiate)
                 }
             )},
+        {"log_level",
+            sc(
+                hoconsc:enum([
+                    emergency, alert, critical, error, warning, notice, info, debug, none, all
+                ]),
+                #{
+                    default => notice,
+                    desc => ?DESC(common_ssl_opts_schema_log_level),
+                    importance => ?IMPORTANCE_LOW
+                }
+            )},
 
         {"hibernate_after",
             sc(

changes/ce/feat-10584.en.md

@@ -0,0 +1 @@
+Add log level configuration to SSL communication

rel/i18n/emqx_schema.hocon

@@ -1300,6 +1300,11 @@ you drop support for the insecure renegotiation, prone to MitM attacks."""
 common_ssl_opts_schema_secure_renegotiate.label:
 """SSL renegotiate"""
 
+common_ssl_opts_schema_log_level.desc:
+"""Log level for SSL communication. Default is 'notice'. Set to 'debug' to inspect TLS handshake messages."""
+common_ssl_opts_schema_log_level.label:
+"""SSL log level"""
+
 sysmon_vm_busy_port.desc:
 """When a port (e.g. TCP socket) is overloaded, there will be a <code>busy_port</code> warning log,
 and an MQTT message is published to the system topic <code>$SYS/sysmon/busy_port</code>."""