Logging / debugging crypto-policies?

I am wondering if there is a way to enable debugging or logging for crypto-policies?

For example: say I'm attempting to run software that's using TLS, but the software is terribly documented and I don't know what settings it's using - or I don't have a way to configure those settings. Let's also say this software has terrible logging, so I don't know what it's attempting to do.

Can I have the crypto-policies tell me something like "cipher XYZ was BLOCKED" so I can then build a policy that enables the right things and lets the software run?

I'm assuming that the imaginary software calls TLS, then TLS performs some kind of lookup in the crypto-policies... I'd think info about that lookup could be written to a log. Is there a debug setting for this? Perhaps I don't fully understand how the crypto-policies work.