Currently the APIcast "debug" level logs are not very informative when Mutual TLS is being used, which makes it hard to troubleshoot issues (both for Support and for customers). Some useful information that could be added:
- Did APIcast send the client side Certificate?
- How did it send it? Was it embedded or did it use a file?
- Maybe an Environment Variable such as 'APICAST_TLS_LOG_LEVEL' could be helpful and mimic the behavior from 'APICAST_OIDC_LOG_LEVEL' when set to "debug", e.g. output more TLS/mTLS troubleshooting data, including the Certificates being sent.
It's relatively easy to troubleshoot TLS-only issues; however, when this flow happens both ways (mTLS), it becomes a bit more complex to detect what is really happening.
- relates to: THREESCALE-7363 Upstream Mutual TLS (mTLS) between APIcast and the Backend API fails when more than a single certificate is used (Closed)