To enable the System SSL trace you would do the following:
you need to add the following to the JCL:
//CEEOPTS DD *
The CEEOPTS DD statement is used to specify LE runtime options. The ENVAR option is used to set environment variables which System SSL will use during the run. Variable GSK_TRACE enables System SSL tracing and GSK_TRACE file specifies the name of the UNFORMATTED trace file which will be created by SystemSSL. The percent sign in the file name replaces to the numeric Unix process ID which creates the file. Value /tmp/gskssl.%.trc is the default and of course you may specify a different name if you need.
Once you have the unformatted SystemSSL trace file, you need to format it into readable statements using the 'gsktrace' utility. The command is:
gsktrace input_file > output_file