Can we have set it to info? Debug is very verbose for SSL just to find out why a HTTP request was replied to with a 403.
Whatever is appropriate on startup/graceful restart is fine, but 400's must be
deciphered out by examining the debug log. The vast number of any class of
400 requests are caused by robot or malicious traffic, so please, nothing
stronger than a debug emit for these incidental, undesired TCP connections.