On Wed, 3 Aug 2022 15:40:54 GMT, Weibing Xiao <d...@openjdk.org> wrote:

> Log the debugging info for server cipher suites when setting javax.net.debug
> == ssl, handshake.

src/java.base/share/classes/sun/security/ssl/ServerHello.java line 409:

> 407: if (shc.sslConfig.preferLocalCipherSuites) {
> 408: preferred = shc.activeCipherSuites;
> 409: proposed = clientHello.cipherSuites;

Instead of wrapping all the information in one block, I may prefer to break it down and place it close to the place where it happens. I may dump the debug log here for cipher suite preference and server activated cipher suites.

src/java.base/share/classes/sun/security/ssl/ServerHello.java line 416:

> 414:
> 415: List<CipherSuite> legacySuites = new LinkedList<>();
> 416: boolean CSFound = false;

This variable may not be necessary if the debug log has been broken down into multiple places.

src/java.base/share/classes/sun/security/ssl/ServerHello.java line 420:

> 418: if (!HandshakeContext.isNegotiable(
> 419: proposed, shc.negotiatedProtocol, cs)) {
> 420: continue;

I may add a debug log that the cipher suite is not negotiable here for the protocol.

src/java.base/share/classes/sun/security/ssl/ServerHello.java line 438:

> 436:
> 437: if (ke == null) {
> 438: continue;

I may add a debug log here that the key exchange is not good for the cipher suite and protocol.

src/java.base/share/classes/sun/security/ssl/ServerHello.java line 447:

> 445: continue;
> 446: }
> 447:

I may not remove this blank line.

src/java.base/share/classes/sun/security/ssl/ServerHello.java line 449:

> 447: SSLPossession[] hcds = ke.createPossessions(shc);
> 448: if ((hcds == null) || (hcds.length == 0)) {
> 449: continue;

I may add a debug log here that the cipher suite is legacy.

src/java.base/share/classes/sun/security/ssl/ServerHello.java line 452:

> 450: SSLLogger.fine("use cipher suite " + cs.name);
> 451: }
> 452:

I may not remove this blank line.

src/java.base/share/classes/sun/security/ssl/ServerHello.java line 461:

> 459: SSLKeyExchange ke = SSLKeyExchange.valueOf(
> 460: cs.keyExchange, shc.negotiatedProtocol);
> 461:

I may not add this extra line.

src/java.base/share/classes/sun/security/ssl/ServerHello.java line 472:

> 470:
> 471: throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
> 472: "no cipher suites in common");

As there are detailed negotiation debug logs, I may just update this line from "no cipher suites in common" to "no cipher suites or key exchange algorithms in common".

src/java.base/share/classes/sun/security/ssl/ServerHello.java line 757:

> 755: if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
> 756: printServerSocketConfig(shc, null);
> 757: }

Similarly, I may break down the debug log closer to the actions.

-------------

PR: https://git.openjdk.org/jdk/pull/9731
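
Review bot: at ServerHello.java line 416, the local `CSFound` starts with an uppercase letter, which does not follow the lowerCamelCase convention for Java local variables. If the flag stays in the patch, rename it (for example `csFound`) so it does not read like a type or constant next to `legacySuites` on line 415.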
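
Review bot: at ServerHello.java line 756, `printServerSocketConfig(shc, null)` passes a bare `null` whose meaning cannot be read from the call site. A short comment on what the second argument stands for, or a helper that takes only `shc`, would make the intent of this call clear to the next reader of the handshake path.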