On Tue, 23 Aug 2022 20:03:19 GMT, Sean Coffey <coff...@openjdk.org> wrote:
>> So, do you want to make the log where the configuration happens? Logging in >> one place cannot have the accuracy debug log where the problem happens, and >> cannot easy the analysis of the debug. One just gets the configuration >> information, but did not get the code line numbers and processes why the >> information is not good. We can have all log in one place for the TLS >> implementation, and tell the log reader to analysis the configuration by >> himself, but the style was not chosen because more debug information was >> expected to carry in the log. > > I think Weibing is trying to achieve a balance here - the current TLS logs > are quite verbose. I'm not sure if we need verbose SSLServerSocket info for > every server socket operation. The current approach is to print the > SSLServerSocket details when a handshake fails due to a > ciphersuite/keyexchange config issue Thanks for the comments. I'm not sure if it is really helpful for developers to understand and debug the failure by reading the additionally dumped cipher suites and/or key exchange configuration. Given the server cipher suites TLS_AES_128_GCM_SHA256, can one really know the failure reason exactly? ------------- PR: https://git.openjdk.org/jdk/pull/9731
