1 files changed, 105 insertions, 56 deletions

diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index 2c6b71c97a..b220691e79 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -32,6 +32,7 @@
 -include("ssl_internal.hrl").
 -include("ssl_srp.hrl").
 -include_lib("public_key/include/public_key.hrl"). 
+-include_lib("kernel/include/logger.hrl").
 
 %% Internal application API
 
@@ -50,7 +51,7 @@
 -export([encode_alert/3, send_alert/2, send_alert_in_connection/2, close/5, protocol_name/0]).
 
 %% Data handling
--export([next_record/1, socket/4, setopts/3, getopts/3]).
+-export([socket/4, setopts/3, getopts/3]).
 
 %% gen_statem state functions
 -export([init/3, error/3, downgrade/3, %% Initiation and take down states
@@ -66,7 +67,7 @@
 %% Setup
 %%====================================================================	     
 start_fsm(Role, Host, Port, Socket, {#ssl_options{erl_dist = false},_, Tracker} = Opts,
-	  User, {CbModule, _,_, _} = CbInfo, 
+	  User, {CbModule, _, _, _, _} = CbInfo,
 	  Timeout) -> 
     try 
 	{ok, Pid} = dtls_connection_sup:start_child([Role, Host, Port, Socket, 
@@ -146,13 +147,16 @@ next_record(#state{static_env = #static_env{role = server,
                                             socket = {Listener, {Client, _}}}} = State) ->
     dtls_packet_demux:active_once(Listener, Client, self()),
     {no_record, State};
-next_record(#state{static_env = #static_env{role = client,
+next_record(#state{protocol_specific = #{active_n_toggle := true,
+                                         active_n := N} = ProtocolSpec,
+                   static_env = #static_env{role = client,
                                             socket = {_Server, Socket} = DTLSSocket,
                                             close_tag = CloseTag,
                                             transport_cb = Transport}} = State) ->
-    case dtls_socket:setopts(Transport, Socket, [{active,once}]) of
+    case dtls_socket:setopts(Transport, Socket, [{active,N}]) of
         ok ->
- 	    {no_record, State};
+            {no_record, State#state{protocol_specific =
+                                        ProtocolSpec#{active_n_toggle => false}}};
  	_ ->
             self() ! {CloseTag, DTLSSocket},
 	    {no_record, State}
@@ -192,7 +196,8 @@ next_event(StateName, no_record,
 	    %% TODO maybe buffer later epoch
             next_event(StateName, no_record, State, Actions); 
 	{#alert{} = Alert, State} ->
-	    {next_state, StateName, State, [{next_event, internal, Alert} | Actions]}
+            Version = State#state.connection_env#connection_env.negotiated_version,
+            handle_own_alert(Alert, Version, StateName, State)
     end;
 next_event(connection = StateName, Record,
 	   #state{connection_states = #{current_read := #{epoch := CurrentEpoch}}} = State0, Actions) ->
@@ -232,7 +237,8 @@ next_event(StateName, Record,
 	    %% TODO maybe buffer later epoch
             next_event(StateName, no_record, State0, Actions); 
 	#alert{} = Alert ->
-	    {next_state, StateName, State0, [{next_event, internal, Alert} | Actions]}
+	    Version = State0#state.connection_env#connection_env.negotiated_version,
+            handle_own_alert(Alert, Version, StateName, State0)
     end.
 
 %%% DTLS record protocol level application data messages 
@@ -249,10 +255,11 @@ handle_protocol_record(#ssl_tls{type = ?APPLICATION_DATA, fragment = Data}, Stat
 handle_protocol_record(#ssl_tls{type = ?HANDSHAKE,
 				       fragment = Data}, 
 		    StateName, 
-		    #state{protocol_buffers = Buffers0,
-			   connection_env = #connection_env{negotiated_version = Version}} = State) ->
+                       #state{protocol_buffers = Buffers0,
+                              connection_env = #connection_env{negotiated_version = Version},
+                              ssl_options = Options} = State) ->
     try
-	case dtls_handshake:get_dtls_handshake(Version, Data, Buffers0) of
+	case dtls_handshake:get_dtls_handshake(Version, Data, Buffers0, Options) of
 	    {[], Buffers} ->
 		next_event(StateName, no_record, State#state{protocol_buffers = Buffers});
 	    {Packets, Buffers} ->
@@ -287,9 +294,10 @@ handle_protocol_record(#ssl_tls{type = _Unknown}, StateName, State) ->
 %% Handshake handling
 %%====================================================================	     
 
-renegotiate(#state{static_env = #static_env{role = client}} = State, Actions) ->
+renegotiate(#state{static_env = #static_env{role = client}} = State0, Actions) ->
     %% Handle same way as if server requested
     %% the renegotiation
+    State = reinit_handshake_data(State0),
     {next_state, connection, State,
      [{next_event, internal, #hello_request{}} | Actions]};
 
@@ -307,9 +315,12 @@ queue_handshake(Handshake0, #state{handshake_env = #handshake_env{tls_handshake_
                                    connection_env = #connection_env{negotiated_version = Version},
 				   flight_buffer = #{handshakes := HsBuffer0,
 						     change_cipher_spec := undefined,
-						     next_sequence := Seq} = Flight0} = State) ->
+						     next_sequence := Seq} = Flight0,
+                                   ssl_options = SslOpts} = State) ->
     Handshake = dtls_handshake:encode_handshake(Handshake0, Version, Seq),
     Hist = update_handshake_history(Handshake0, Handshake, Hist0),
+    ssl_logger:debug(SslOpts#ssl_options.log_level, outbound, 'handshake', Handshake0),
+
     State#state{flight_buffer = Flight0#{handshakes => [Handshake | HsBuffer0],
 					 next_sequence => Seq +1},
 	handshake_env = HsEnv#handshake_env{tls_handshake_history = Hist}};
@@ -317,9 +328,12 @@ queue_handshake(Handshake0, #state{handshake_env = #handshake_env{tls_handshake_
 queue_handshake(Handshake0, #state{handshake_env = #handshake_env{tls_handshake_history = Hist0} = HsEnv, 
                                    connection_env = #connection_env{negotiated_version = Version},
 				   flight_buffer = #{handshakes_after_change_cipher_spec := Buffer0,
-						     next_sequence := Seq} = Flight0} = State) ->
+						     next_sequence := Seq} = Flight0,
+                                   ssl_options = SslOpts} = State) ->
     Handshake = dtls_handshake:encode_handshake(Handshake0, Version, Seq),
     Hist = update_handshake_history(Handshake0, Handshake, Hist0),
+    ssl_logger:debug(SslOpts#ssl_options.log_level, outbound, 'handshake', Handshake0),
+
     State#state{flight_buffer = Flight0#{handshakes_after_change_cipher_spec => [Handshake | Buffer0],
 					 next_sequence => Seq +1},
                 handshake_env = HsEnv#handshake_env{tls_handshake_history = Hist}}.
@@ -327,7 +341,7 @@ queue_handshake(Handshake0, #state{handshake_env = #handshake_env{tls_handshake_
 queue_change_cipher(ChangeCipher, #state{flight_buffer = Flight,
 					 connection_states = ConnectionStates0} = State) -> 
     ConnectionStates = 
-	dtls_record:next_epoch(ConnectionStates0, write), 
+	dtls_record:next_epoch(ConnectionStates0, write),
     State#state{flight_buffer = Flight#{change_cipher_spec => ChangeCipher},
 		connection_states = ConnectionStates}.
 
@@ -350,8 +364,8 @@ reinit_handshake_data(#state{static_env = #static_env{data_tag = DataTag},
 		      dtls_handshake_later_fragments = []
 		     }}.
 
-select_sni_extension(#client_hello{extensions = HelloExtensions}) ->
-    HelloExtensions#hello_extensions.sni;
+select_sni_extension(#client_hello{extensions = #{sni := SNI}}) ->
+    SNI;
 select_sni_extension(_) ->
     undefined.
 
@@ -367,11 +381,14 @@ encode_alert(#alert{} = Alert, Version, ConnectionStates) ->
 
 send_alert(Alert, #state{static_env = #static_env{socket = Socket,
                                                   transport_cb = Transport},
+
                          connection_env = #connection_env{negotiated_version = Version},
-			 connection_states = ConnectionStates0} = State0) ->
+			 connection_states = ConnectionStates0,
+                         ssl_options = SslOpts} = State0) ->
     {BinMsg, ConnectionStates} =
 	encode_alert(Alert, Version, ConnectionStates0),
     send(Transport, Socket, BinMsg),
+    ssl_logger:debug(SslOpts#ssl_options.log_level, outbound, 'record', BinMsg),
     State0#state{connection_states = ConnectionStates}.
 
 send_alert_in_connection(Alert, State) ->
@@ -434,12 +451,11 @@ init({call, From}, {start, Timeout},
     HelloVersion = dtls_record:hello_version(Version, SslOpts#ssl_options.versions),
     State1 = prepare_flight(State0#state{connection_env = CEnv#connection_env{negotiated_version = Version}}),
     {State2, Actions} = send_handshake(Hello, State1#state{connection_env = CEnv#connection_env{negotiated_version = HelloVersion}}),  
-    State3 = State2#state{connection_env = CEnv#connection_env{negotiated_version = Version}, %% RequestedVersion
+    State = State2#state{connection_env = CEnv#connection_env{negotiated_version = Version}, %% RequestedVersion
 			  session =
 			      Session0#session{session_id = Hello#client_hello.session_id},
 			  start_or_recv_from = From},
-    {Record, State} = next_record(State3),
-    next_event(hello, Record, State, [{{timeout, handshake}, Timeout, close} | Actions]);
+    next_event(hello, no_record, State, [{{timeout, handshake}, Timeout, close} | Actions]);
 init({call, _} = Type, Event, #state{static_env = #static_env{role = server},
                                      protocol_specific = PS} = State) ->
     Result = gen_handshake(?FUNCTION_NAME, Type, Event, 
@@ -497,9 +513,8 @@ hello(internal, #client_hello{cookie = <<>>,
     %% negotiated.
     VerifyRequest = dtls_handshake:hello_verify_request(Cookie, ?HELLO_VERIFY_REQUEST_VERSION),
     State1 = prepare_flight(State0#state{connection_env = CEnv#connection_env{negotiated_version = Version}}),
-    {State2, Actions} = send_handshake(VerifyRequest, State1),
-    {Record, State} = next_record(State2),
-    next_event(?FUNCTION_NAME, Record, 
+    {State, Actions} = send_handshake(VerifyRequest, State1),
+    next_event(?FUNCTION_NAME, no_record, 
                State#state{handshake_env = HsEnv#handshake_env{
                                              tls_handshake_history = 
                                                  ssl_handshake:init_handshake_history()}}, 
@@ -537,14 +552,14 @@ hello(internal, #client_hello{extensions = Extensions} = Hello,
              start_or_recv_from = From} = State) ->
     {next_state, user_hello, State#state{start_or_recv_from = undefined,
                                          handshake_env = HsEnv#handshake_env{hello = Hello}},
-     [{reply, From, {ok, ssl_connection:map_extensions(Extensions)}}]};
+     [{reply, From, {ok, Extensions}}]};
 hello(internal, #server_hello{extensions = Extensions} = Hello, 
       #state{ssl_options = #ssl_options{handshake = hello},
              handshake_env = HsEnv,
              start_or_recv_from = From} = State) ->
     {next_state, user_hello, State#state{start_or_recv_from = undefined,
                                          handshake_env = HsEnv#handshake_env{hello = Hello}},    
-     [{reply, From, {ok, ssl_connection:map_extensions(Extensions)}}]};     
+     [{reply, From, {ok, Extensions}}]};     
 
 hello(internal, #client_hello{cookie = Cookie} = Hello, #state{static_env = #static_env{role = server,
                                                                                         transport_cb = Transport,
@@ -701,12 +716,10 @@ connection(internal, #hello_request{}, #state{static_env = #static_env{host = Ho
     HelloVersion = dtls_record:hello_version(Version, SslOpts#ssl_options.versions),
     State1 = prepare_flight(State0),
     {State2, Actions} = send_handshake(Hello, State1#state{connection_env = CEnv#connection_env{negotiated_version = HelloVersion}}),
-    {Record, State} =
-	next_record(
-	  State2#state{protocol_specific = PS#{flight_state => initial_flight_state(DataTag)},
-                       session = Session0#session{session_id
-                                                  = Hello#client_hello.session_id}}),
-    next_event(hello, Record, State, Actions);
+    State = State2#state{protocol_specific = PS#{flight_state => initial_flight_state(DataTag)},
+                         session = Session0#session{session_id
+                                                    = Hello#client_hello.session_id}},
+    next_event(hello, no_record, State, Actions);
 connection(internal, #client_hello{} = Hello, #state{static_env = #static_env{role = server},
                                                      handshake_env = #handshake_env{allow_renegotiate = true} = HsEnv} = State) ->
     %% Mitigate Computational DoS attack
@@ -762,7 +775,7 @@ format_status(Type, Data) ->
 %%% Internal functions
 %%--------------------------------------------------------------------
 initial_state(Role, Host, Port, Socket, {SSLOptions, SocketOptions, _}, User,
-	      {CbModule, DataTag, CloseTag, ErrorTag}) ->
+	      {CbModule, DataTag, CloseTag, ErrorTag, PassiveTag}) ->
     #ssl_options{beast_mitigation = BeastMitigation} = SSLOptions,
     ConnectionStates = dtls_record:init_connection_states(Role, BeastMitigation),
     
@@ -772,7 +785,12 @@ initial_state(Role, Host, Port, Socket, {SSLOptions, SocketOptions, _}, User,
 			 _  ->
 			     ssl_session_cache
 		     end,
-    
+    InternalActiveN =  case application:get_env(ssl, internal_active_n) of
+                           {ok, N} when is_integer(N) ->
+                               N;
+                           _  ->
+                               ?INTERNAL_ACTIVE_N
+                       end,
     Monitor = erlang:monitor(process, User),
     InitStatEnv = #static_env{
                      role = Role,
@@ -781,6 +799,7 @@ initial_state(Role, Host, Port, Socket, {SSLOptions, SocketOptions, _}, User,
                      data_tag = DataTag,
                      close_tag = CloseTag,
                      error_tag = ErrorTag,
+                     passive_tag = PassiveTag,
                      host = Host,
                      port = Port,
                      socket = Socket,
@@ -804,7 +823,9 @@ initial_state(Role, Host, Port, Socket, {SSLOptions, SocketOptions, _}, User,
 	   user_data_buffer = {[],0,[]},
 	   start_or_recv_from = undefined,
 	   flight_buffer = new_flight(),
-           protocol_specific = #{flight_state => initial_flight_state(DataTag)}
+           protocol_specific = #{active_n => InternalActiveN,
+                                 active_n_toggle => true,
+                                 flight_state => initial_flight_state(DataTag)}
 	  }.
 
 initial_flight_state(udp)->
@@ -814,10 +835,14 @@ initial_flight_state(_) ->
 
 next_dtls_record(Data, StateName, #state{protocol_buffers = #protocol_buffers{
 						   dtls_record_buffer = Buf0,
-						   dtls_cipher_texts = CT0} = Buffers} = State0) ->
+						   dtls_cipher_texts = CT0} = Buffers,
+                                         connection_env = #connection_env{negotiated_version = Version},
+                                         static_env = #static_env{data_tag = DataTag},
+                                         ssl_options = SslOpts} = State0) ->
     case dtls_record:get_dtls_records(Data,
-                                      acceptable_record_versions(StateName, State0), 
-                                      Buf0) of
+                                      {DataTag, StateName, Version, 
+                                       [dtls_record:protocol_version(Vsn) || Vsn <- ?ALL_AVAILABLE_DATAGRAM_VERSIONS]}, 
+                                      Buf0, SslOpts) of
 	{Records, Buf1} ->
 	    CT1 = CT0 ++ Records,
 	    next_record(State0#state{protocol_buffers =
@@ -827,10 +852,6 @@ next_dtls_record(Data, StateName, #state{protocol_buffers = #protocol_buffers{
 	    Alert
     end.
 
-acceptable_record_versions(hello, _) ->
-    [dtls_record:protocol_version(Vsn) || Vsn <- ?ALL_DATAGRAM_SUPPORTED_VERSIONS];
-acceptable_record_versions(_, #state{connection_env = #connection_env{negotiated_version = Version}}) ->
-    [Version].
 
 dtls_handshake_events(Packets) ->
     lists:map(fun(Packet) ->
@@ -900,12 +921,21 @@ handle_info({Protocol, _, _, _, Data}, StateName,
 	    ssl_connection:handle_normal_shutdown(Alert, StateName, State0), 
             {stop, {shutdown, own_alert}, State0}
     end;
+
+handle_info({PassiveTag, Socket}, StateName,
+            #state{static_env = #static_env{socket = {_, Socket},
+                                            passive_tag = PassiveTag},
+                   protocol_specific = PS} = State) ->
+    next_event(StateName, no_record,
+               State#state{protocol_specific = PS#{active_n_toggle => true}});
+
 handle_info({CloseTag, Socket}, StateName,
 	    #state{static_env = #static_env{socket = Socket,
                                             close_tag = CloseTag},
                    connection_env = #connection_env{negotiated_version = Version},
                    socket_options = #socket_options{active = Active},
-                   protocol_buffers = #protocol_buffers{dtls_cipher_texts = CTs}} = State) ->
+                   protocol_buffers = #protocol_buffers{dtls_cipher_texts = CTs},
+                   protocol_specific = PS} = State) ->
     %% Note that as of DTLS 1.2 (TLS 1.1),
     %% failure to properly close a connection no longer requires that a
     %% session not be resumed.	This is a change from DTLS 1.0 to conform
@@ -928,7 +958,8 @@ handle_info({CloseTag, Socket}, StateName,
             %% Fixes non-delivery of final DTLS record in {active, once}.
             %% Basically allows the application the opportunity to set {active, once} again
             %% and then receive the final message.
-            next_event(StateName, no_record, State)
+            next_event(StateName, no_record, State#state{
+                                               protocol_specific = PS#{active_n_toggle => true}})
     end;
 
 handle_info(new_cookie_secret, StateName, 
@@ -963,7 +994,7 @@ handle_own_alert(Alert, Version, StateName, #state{static_env = #static_env{data
                                                    ssl_options = Options} = State0) ->
     case ignore_alert(Alert, State0) of
         {true, State} ->
-            log_ignore_alert(Options#ssl_options.log_alert, StateName, Alert, Role),
+            log_ignore_alert(Options#ssl_options.log_level, StateName, Alert, Role),
             {next_state, StateName, State};
         {false, State} ->
             ssl_connection:handle_own_alert(Alert, Version, StateName, State)
@@ -1063,21 +1094,24 @@ start_retransmision_timer(Timeout, #state{protocol_specific = PS} = State) ->
     {State#state{protocol_specific = PS#{flight_state => {retransmit, new_timeout(Timeout)}}}, 
      [{state_timeout, Timeout, flight_retransmission_timeout}]}.
 
-new_timeout(N) when N =< 30 -> 
+new_timeout(N) when N =< 30000 ->
     N * 2;
 new_timeout(_) -> 
-    60.
+    60000.
 
 send_handshake_flight(#state{static_env = #static_env{socket = Socket,
                                                       transport_cb = Transport},
                              connection_env = #connection_env{negotiated_version = Version},
                              flight_buffer = #{handshakes := Flight,
 					       change_cipher_spec := undefined},
-			     connection_states = ConnectionStates0} = State0, Epoch) ->
+			     connection_states = ConnectionStates0,
+                             ssl_options = #ssl_options{log_level = LogLevel}} = State0,
+                      Epoch) ->
     %% TODO remove hardcoded Max size
     {Encoded, ConnectionStates} =
 	encode_handshake_flight(lists:reverse(Flight), Version, 1400, Epoch, ConnectionStates0),
-    send(Transport, Socket, Encoded), 
+    send(Transport, Socket, Encoded),
+    ssl_logger:debug(LogLevel, outbound, 'record', Encoded),
    {State0#state{connection_states = ConnectionStates}, []};
 
 send_handshake_flight(#state{static_env = #static_env{socket = Socket,
@@ -1086,12 +1120,16 @@ send_handshake_flight(#state{static_env = #static_env{socket = Socket,
 			     flight_buffer = #{handshakes := [_|_] = Flight0,
 					       change_cipher_spec := ChangeCipher,
 					       handshakes_after_change_cipher_spec := []},
-			     connection_states = ConnectionStates0} = State0, Epoch) ->      
+			     connection_states = ConnectionStates0,
+                             ssl_options = #ssl_options{log_level = LogLevel}} = State0,
+                      Epoch) ->
     {HsBefore, ConnectionStates1} =
 	encode_handshake_flight(lists:reverse(Flight0), Version, 1400, Epoch, ConnectionStates0),
     {EncChangeCipher, ConnectionStates} = encode_change_cipher(ChangeCipher, Version, Epoch, ConnectionStates1),
 
     send(Transport, Socket, [HsBefore, EncChangeCipher]),
+    ssl_logger:debug(LogLevel, outbound, 'record', [HsBefore]),
+    ssl_logger:debug(LogLevel, outbound, 'record', [EncChangeCipher]),
     {State0#state{connection_states = ConnectionStates}, []};
 
 send_handshake_flight(#state{static_env = #static_env{socket = Socket,
@@ -1100,7 +1138,9 @@ send_handshake_flight(#state{static_env = #static_env{socket = Socket,
 			     flight_buffer = #{handshakes := [_|_] = Flight0,
 					       change_cipher_spec := ChangeCipher,
 					       handshakes_after_change_cipher_spec := Flight1},
-			     connection_states = ConnectionStates0} = State0, Epoch) ->      
+			     connection_states = ConnectionStates0,
+                             ssl_options = #ssl_options{log_level = LogLevel}} = State0,
+                      Epoch) ->
     {HsBefore, ConnectionStates1} =
 	encode_handshake_flight(lists:reverse(Flight0), Version, 1400, Epoch-1, ConnectionStates0),
     {EncChangeCipher, ConnectionStates2} = 
@@ -1108,6 +1148,9 @@ send_handshake_flight(#state{static_env = #static_env{socket = Socket,
     {HsAfter, ConnectionStates} =
 	encode_handshake_flight(lists:reverse(Flight1), Version, 1400, Epoch, ConnectionStates2),
     send(Transport, Socket, [HsBefore, EncChangeCipher, HsAfter]),
+    ssl_logger:debug(LogLevel, outbound, 'record', [HsBefore]),
+    ssl_logger:debug(LogLevel, outbound, 'record', [EncChangeCipher]),
+    ssl_logger:debug(LogLevel, outbound, 'record', [HsAfter]),
     {State0#state{connection_states = ConnectionStates}, []};
 
 send_handshake_flight(#state{static_env = #static_env{socket = Socket,
@@ -1116,12 +1159,16 @@ send_handshake_flight(#state{static_env = #static_env{socket = Socket,
 			     flight_buffer = #{handshakes := [],
 					       change_cipher_spec := ChangeCipher,
 					       handshakes_after_change_cipher_spec := Flight1},
-			     connection_states = ConnectionStates0} = State0, Epoch) ->
+			     connection_states = ConnectionStates0,
+                             ssl_options = #ssl_options{log_level = LogLevel}} = State0,
+                      Epoch) ->
     {EncChangeCipher, ConnectionStates1} = 
 	encode_change_cipher(ChangeCipher, Version, Epoch-1, ConnectionStates0),
     {HsAfter, ConnectionStates} =
 	encode_handshake_flight(lists:reverse(Flight1), Version, 1400, Epoch, ConnectionStates1),
     send(Transport, Socket, [EncChangeCipher, HsAfter]),
+    ssl_logger:debug(LogLevel, outbound, 'record', [EncChangeCipher]),
+    ssl_logger:debug(LogLevel, outbound, 'record', [HsAfter]),
     {State0#state{connection_states = ConnectionStates}, []}.
 
 retransmit_epoch(_StateName, #state{connection_states = ConnectionStates}) ->
@@ -1160,11 +1207,11 @@ is_ignore_alert(#alert{description = ?ILLEGAL_PARAMETER}) ->
 is_ignore_alert(_) ->
     false.
 
-log_ignore_alert(true, StateName, Alert, Role) ->
+log_ignore_alert(debug, StateName, Alert, Role) ->
     Txt = ssl_alert:alert_txt(Alert),
-    error_logger:format("DTLS over UDP ~p: In state ~p ignored to send ALERT ~s as DoS-attack mitigation \n", 
-                        [Role, StateName, Txt]);
-log_ignore_alert(false, _, _,_) ->
+    ?LOG_ERROR("DTLS over UDP ~p: In state ~p ignored to send ALERT ~s as DoS-attack mitigation \n",
+                 [Role, StateName, Txt]);
+log_ignore_alert(_, _, _, _) ->
     ok.
 
 send_application_data(Data, From, _StateName,
@@ -1173,7 +1220,8 @@ send_application_data(Data, From, _StateName,
                              connection_env = #connection_env{negotiated_version = Version},
                              handshake_env = HsEnv,
                              connection_states = ConnectionStates0,
-                             ssl_options = #ssl_options{renegotiate_at = RenegotiateAt}} = State0) ->
+                             ssl_options = #ssl_options{renegotiate_at = RenegotiateAt,
+                                                        log_level = LogLevel}} = State0) ->
        
     case time_to_renegotiate(Data, ConnectionStates0, RenegotiateAt) of
 	true ->
@@ -1185,6 +1233,7 @@ send_application_data(Data, From, _StateName,
             State = State0#state{connection_states = ConnectionStates},
 	    case send(Transport, Socket, Msgs) of
                 ok ->
+                    ssl_logger:debug(LogLevel, outbound, 'record', Msgs),
                     ssl_connection:hibernate_after(connection, State, [{reply, From, ok}]);
                 Result ->
                     ssl_connection:hibernate_after(connection, State, [{reply, From, Result}])