On Wed, 4 Feb 2026 15:59:33 GMT, Sean Coffey <[email protected]> wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLLogger.java line 239:
>>
>>> 237: " all non-widening filters are enabled.%n%n");
>>> 238: System.err.printf("%nAdding valid filter options to \"ssl\"
>>> will log" +
>>> 239: " messages to include%njust those filtered
>>> categories.%n");
>>
>> So the intended behavior is the following:
>>
>> If we have code like this:
>>
>>> if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
>>
>> then setting `javax.net.debug=ssl` or `ssl,trustmanager`, it will always
>> output this logging statement.
>>
>> But if we have code like this:
>>
>>> if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
>>
>> then `javax.net.debug=ssl` will output this (because only `ssl` was
>> enabled), but `javax.net.debug=ssl,keymanager` will not. That's because
>> `keymanager` is a valid name, thus only the `SSL` and `KEYMANAGER` options
>> will print).
>>
>> So we need to make sure that everything `SSL` and non-`SSL` is categorized
>> correctly, which will be the focus of
>> [JDK-8344158](https://bugs.openjdk.org/browse/JDK-8344158).
>>
>> The wording here needs a slight update, and I'm not quite sure how to word
>> this. Ideas? :)
>>
>> Adding valid filter options to ssl will output the high-level SSL/TLS
>> debug
>> messages, plus only those messages in the specified categories.
>
> yes, that's the logic in use now. The sub-component options need to be
> regarded as filters.
>
> regards the wording, it's hard to chose the best description. What's there
> accurate in some respect.
> How about:
>
> `Specifying filter options with "ssl" includes messages for the selected
> categories, as well as all general SSL debug messages.`
Maybe:
`Specifying filter options with "ssl" only includes messages for the selected
categories, plus the general SSL debug messages.`
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18764#discussion_r2770980414
