ServerIron ADX Security Guide 187
53-1002440-03
SSL debug and troubleshooting commands 6
SSL debug and troubleshooting commands
This section describes SSL debug and troubleshooting commands.

Diagnostics

You can run diagnostic tests on the SSL hardware devices to verify proper functionality. Please note
that the diagnostic tests should not be run while SSL traffic is being processed. Also, the system
should be reloaded after running the diagnostic test-suite. The diagnostic test-suite can be initiated
from the MP or from individual BPs.
To run diagnostics from the MP,
ssl diag ServerIronADX# ssl diag <BP-slot> <BP-cpu>
<BP-slot> and <BP-cpu> refer to the BP that the diagnostic test-suite is run from
SSL chip 1: All diag tests PASSED
SSL chip 2: All diag tests PASSED
SSL: Diags PASSED
The above command runs all diagnostic tests on all SSL hardware modules, and logs whether the
tests passed or failed in brief.
If additional information is needed, the diagnostic tests can be run from any BP wherein detailed
information is logged on the BP console.
To run diagnostics from the BP,
SSL operations submitted to the hardware can be run in 2 modes - Blocking and Non-blocking.
Blocking mode means that the CPU is polling for the result after submitting the operation to the
hardware, and Non-blocking mode means that the CPU receives a callback once the operation has
completed. The default mode is Blocking. To change the mode,
ServerIronADX1/1# ssl bp-diag mode [ blocking | non-blocking]
There are multiple SSL devices in the system. The default module i s the fi rst mod ule (0) . To selec t a
specific module,
ServerIronADX1/1# ssl bp-diag module <SSL device ID [0...5]>
SSL operations submitted to the hardware can be in 2 modes - Direct and Scatter-Gather. Direct
mode means that the data for any input/output variable is in one location, and Scatter-Gather
mode means that the data for any input/output variable could come from multiple non-contiguous
blocks. The default mode is Direct. To enable scatter-gather,
ServerIronADX1/1# ssl bp-diag scatter-gather [ enable | disable ]
ServerIronADX1/1# ssl bp-diag
all All diagnostic tests
crypto-3des Crypto 3DES Test
crypto-aes Crypto AES Test
crypto-hmac Crypto HMAC Test
crypto-mod-ex Crypto Mod-Ex Test
crypto-rc4 Crypto RC4 Test
key-mem Key Memory Test
load-ucode Load Microcode Test
random-num Random Number Generator Test
read-write-regs Read Write Registers Test