Re: RFR: 8044609: javax.net.debug "ssl" options are not working and documented as expected.

Sean Coffey Wed, 17 Apr 2024 07:15:08 -0700

On Fri, 12 Apr 2024 15:56:24 GMT, Sean Coffey <coff...@openjdk.org> wrote:


> The `javax.net.debug` TLS debug option is buggy since TLSv1.3 implementation 
> was introduced many years ago.
> 
> Where "ssl" was previously a value to obtain all TLS debug traces (except 
> network type dumps, verbose data), it now prints only a few lines for a 
> standard client TLS connection. 
> 
> The property parsing was also lax and allowed users to declare verbose 
> logging options by themselves where the documentation stated that such 
> verbose options were only meant to be used in conjunction with other TLS 
> options :
> 
> 
>         System.err.println("help           print the help messages");
>         System.err.println("expand         expand debugging information");
>         System.err.println();
>         System.err.println("all            turn on all debugging");
>         System.err.println("ssl            turn on ssl debugging");
>         System.err.println();
>         System.err.println("The following can be used with ssl:");
>         System.err.println("\trecord       enable per-record tracing");
>         System.err.println("\thandshake    print each handshake message");
>         System.err.println("\tkeygen       print key generation data");
>         System.err.println("\tsession      print session activity");
>         System.err.println("\tdefaultctx   print default SSL initialization");
>         System.err.println("\tsslctx       print SSLContext tracing");
>         System.err.println("\tsessioncache print session cache tracing");
>         System.err.println("\tkeymanager   print key manager tracing");
>         System.err.println("\ttrustmanager print trust manager tracing");
>         System.err.println("\tpluggability print pluggability tracing");
>         System.err.println();
>         System.err.println("\thandshake debugging can be widened with:");
>         System.err.println("\tdata         hex dump of each handshake 
> message");
>         System.err.println("\tverbose      verbose handshake message 
> printing");
>         System.err.println();
>         System.err.println("\trecord debugging can be widened with:");
>         System.err.println("\tplaintext    hex dump of record plaintext");
>         System.err.println("\tpacket       print raw SSL/TLS packets");
> 
> 
> as part of this patch, I've also moved the log call to the more performant 
> friendly 
> `System.Logger#log(java.lang.System.Logger.Level,java.util.function.Supplier)`
>  method. 
> 
> the output has changed slightly with respect to that  - less verbose
> 
> e.g. old style:
> 
> 
> javax.net.ssl|DEBUG|10|main|2024-04-12 15:47:24.302 GMT|SSLSocketOut...

Tidied up the help menu output to capture current options
Changed logic to allow` -Djavax.net.debug=ssl,handshake` emit all ssl data 
(done today also)
Improved test case coverage

-------------

PR Comment: https://git.openjdk.org/jdk/pull/18764#issuecomment-2061357214

Re: RFR: 8044609: javax.net.debug "ssl" options are not working and documented as expected.

Reply via email to