The `javax.net.debug` TLS debug option has been buggy since the TLSv1.3 implementation 
was introduced many years ago.

Where "ssl" was previously a value to obtain all TLS debug traces (except 
network type dumps, verbose data), it now prints only a few lines for a 
standard client TLS connection. 

The property parsing was also lax and allowed users to declare verbose logging 
options by themselves where the documentation stated that such verbose options 
were only meant to be used in conjunction with other TLS options:


        System.err.println("help           print the help messages");
        System.err.println("expand         expand debugging information");
        System.err.println();
        System.err.println("all            turn on all debugging");
        System.err.println("ssl            turn on ssl debugging");
        System.err.println();
        System.err.println("The following can be used with ssl:");
        System.err.println("\trecord       enable per-record tracing");
        System.err.println("\thandshake    print each handshake message");
        System.err.println("\tkeygen       print key generation data");
        System.err.println("\tsession      print session activity");
        System.err.println("\tdefaultctx   print default SSL initialization");
        System.err.println("\tsslctx       print SSLContext tracing");
        System.err.println("\tsessioncache print session cache tracing");
        System.err.println("\tkeymanager   print key manager tracing");
        System.err.println("\ttrustmanager print trust manager tracing");
        System.err.println("\tpluggability print pluggability tracing");
        System.err.println();
        System.err.println("\thandshake debugging can be widened with:");
        System.err.println("\tdata         hex dump of each handshake message");
        System.err.println("\tverbose      verbose handshake message printing");
        System.err.println();
        System.err.println("\trecord debugging can be widened with:");
        System.err.println("\tplaintext    hex dump of record plaintext");
        System.err.println("\tpacket       print raw SSL/TLS packets");


As part of this patch, I've also moved the log call to the more 
performance-friendly 
`System.Logger#log(java.lang.System.Logger.Level,java.util.function.Supplier)` 
method. 

The output has changed slightly with respect to that: it is less verbose.

e.g. old style:


javax.net.ssl|DEBUG|10|main|2024-04-12 15:47:24.302 GMT|SSLSocketOutputRecord.java:261|WRITE: TLSv1.2 handshake, length = 70
javax.net.ssl|DEBUG|10|main|2024-04-12 15:47:24.302 GMT|SSLSocketOutputRecord.java:275|Raw write (
  0000: 16 03 03 00 46 10 00 00   42 41 04 90 84 B1 78 70  ....F...BA....xp
  0010: 08 E1 9B 40 AF 3C E7 81   2C 65 57 0C 81 C4 98 26  ...@.<..,eW....&
  0020: 98 5B 12 20 B8 9A C3 36   6B 7A 51 0E B7 AA 32 D0  .[. ...6kzQ...2.
  0030: 0D 82 36 56 3D 1C F0 EB   14 22 AF 2C 74 76 D7 86  ..6V=....".,tv..
  0040: 65 B6 21 31 72 BD 2A D7   A6 91 A4                 e.!1r.*....
)
javax.net.ssl|DEBUG|10|main|2024-04-12 15:47:24.310 GMT|ChangeCipherSpec.java:115|Produced ChangeCipherSpec message

e.g. new format:


javax.net.ssl|DEBUG|10|main|2024-04-12 15:47:46.440 GMT|SSLSocketOutputRecord.java:261|WRITE: TLSv1.2 handshake, length = 70
javax.net.ssl|DEBUG|10|main|2024-04-12 15:47:46.441 GMT|SSLSocketOutputRecord.java:275|Raw write:
  0000: 16 03 03 00 46 10 00 00   42 41 04 97 07 5E 48 78  ....F...BA...^Hx
  0010: EC AB 59 78 13 0B CD 79   B9 43 89 DF 36 07 38 54  ..Yx...y.C..6.8T
  0020: 2B E4 E7 D8 89 0B C0 D6   67 CB 4A 81 E9 E8 B7 50  +.......g.J....P
  0030: A1 F4 3C 71 3E 67 26 24   95 4E 59 4E B6 5A 94 32  ..<q>g&$.NYN.Z.2
  0040: AA AD C4 84 E2 28 71 B7   DB 43 E4                 .....(q..C.
javax.net.ssl|DEBUG|10|main|2024-04-12 15:47:46.447 GMT|ChangeCipherSpec.java:114|Produced ChangeCipherSpec message

Note one line less per verbose entry and the dropping of brackets around verbose 
output.

***
New test case added to exercise `javax.net.debug` options, including the use of 
the `System.Logger` option.

-------------

Commit messages:
 - Tighten up ssl parsing
 - remove file
 - Initial commit

Changes: https://git.openjdk.org/jdk/pull/18764/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=18764&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8044609
  Stats: 358 lines in 22 files changed: 156 ins; 28 del; 174 mod
  Patch: https://git.openjdk.org/jdk/pull/18764.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/18764/head:pull/18764

PR: https://git.openjdk.org/jdk/pull/18764
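
The option hierarchy in the help text quoted above can be checked mechanically before a value is passed to `-Djavax.net.debug`. The following is an added example, not part of the original message and not the JDK's own parsing code; the class name `DebugOptionCheck`, the `,`/`:` separators and the handling of `all` are assumptions.

```java
import java.util.*;

public class DebugOptionCheck {
    // Option names are taken from the help text quoted in the message.
    static final Set<String> TOP = Set.of("all", "ssl", "help", "expand");
    static final Set<String> SSL_SUB = Set.of("record", "handshake", "keygen", "session",
            "defaultctx", "sslctx", "sessioncache", "keymanager", "trustmanager", "pluggability");
    static final Map<String, String> WIDENERS = Map.of(
            "data", "handshake", "verbose", "handshake",
            "plaintext", "record", "packet", "record");

    /** Returns the problems found in a javax.net.debug value; an empty list means consistent. */
    static List<String> check(String value) {
        List<String> problems = new ArrayList<>();
        // Assumption: tokens are separated by ',' or ':' and compared case-insensitively.
        Set<String> opts = new LinkedHashSet<>();
        for (String t : value.toLowerCase(Locale.ROOT).split("[,:]")) {
            if (!t.isBlank()) opts.add(t.trim());
        }
        // Assumption: "all" satisfies every parent requirement.
        boolean all = opts.contains("all");
        boolean ssl = opts.contains("ssl");
        for (String o : opts) {
            if (TOP.contains(o)) continue;
            if (SSL_SUB.contains(o)) {
                if (!ssl && !all) problems.add(o + ": only valid together with ssl");
            } else if (WIDENERS.containsKey(o)) {
                String parent = WIDENERS.get(o);
                if (!all && !(ssl && opts.contains(parent)))
                    problems.add(o + ": widens " + parent + ", needs ssl and " + parent);
            } else {
                problems.add(o + ": unknown option");
            }
        }
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the message.
        for (String v : List.of("ssl,handshake,verbose", "verbose", "ssl:record:plaintext",
                "ssl,data", "handshake", "all")) {
            List<String> p = check(v);
            System.out.println(v + " -> " + (p.isEmpty() ? "ok" : p));
        }
    }
}
```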
