JSSE Debug Log redirection
Alexey Bakhtin
alexey at azul.com
Thu Nov 5 19:54:54 UTC 2020
Hello Bernd,
You are right, the javax.net.ssl logger was changed to align with the JDK11 implementation. It still allows TLS log messages to be redirected to the custom logger, but it should be enabled differently in comparison to the original JDK8 implementation.
As you mentioned, TLS logging redirection can be enabled with the "-Djavax.net.debug=" option only (value is not specified). In this case ALL TLS logging is redirected to your custom logger (if specified). It is not possible to filter log messages for the custom logger by areas (like "ssl,handshake,packet").
Also, please note that the full log message is a combination of record.getMessage() and record.getParameters(), even if the message does not contain references to the parameters. This is missing in your example and could be a reason for the absence of expected messages in the custom logger.
Regards
Alexey
> On 4 Nov 2020, at 23:30, Bernd Eckenfels <ecki at zusammenkunft.net> wrote:
>
> Hello Andrew,
>
> the main issue is that the stdout redirection no longer works with the internal logger, so code changes in applications are needed to get that functionality back.
>
> BTW, when using a new JUL logger (which only works in OpenJDK) the problem is that the trace messages with hexdump use an unreferenced parameter (no matching format string), so the usual logger bridges/managers for JUL logging also won’t translate those strings. So when you try to change the logger support for this, you might also need to adjust your log impl (it looks like JBoss does not show those parameters in the log record).
>
> It also looks like some truststore traces no longer show up, maybe they still check for the component in the ssl.debug property - will need to investigate that later.
>
> Regards
> Bernd
>
> PS: I still like the java 8u codebase to be united again :)
> --
> http://bernd.eckenfels.net
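
The point above about record.getMessage() and record.getParameters(), as an added example that is not part of the original thread: a java.util.logging handler on the javax.net.ssl logger that appends every parameter to the message, whether or not the message text references it. The class and method names and the sample record are constructed for illustration.

```java
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;

public class TlsLogRedirect {
    // JUL holds loggers weakly; keep a strong reference so the handler stays attached.
    static final Logger TLS = Logger.getLogger("javax.net.ssl");

    /** Builds the full text: message first, then every parameter on its own line. */
    static String render(LogRecord record) {
        StringBuilder sb = new StringBuilder();
        sb.append(record.getLevel()).append(' ').append(record.getMessage());
        Object[] params = record.getParameters();
        if (params != null) {
            // No format placeholders to rely on: append unreferenced parameters too.
            for (Object p : params) {
                sb.append(System.lineSeparator()).append(String.valueOf(p));
            }
        }
        if (record.getThrown() != null) {
            sb.append(System.lineSeparator()).append(record.getThrown());
        }
        return sb.toString();
    }

    /** Hypothetical custom sink; hexdump parameters are raw bytes, so restrict access to it. */
    static final class FullRecordHandler extends Handler {
        @Override public void publish(LogRecord record) {
            if (isLoggable(record)) System.err.println(render(record));
        }
        @Override public void flush() { System.err.flush(); }
        @Override public void close() { }
    }

    public static void main(String[] args) {
        // Same effect as -Djavax.net.debug= ; must be set before any TLS class is loaded.
        System.setProperty("javax.net.debug", "");
        Handler handler = new FullRecordHandler();
        handler.setLevel(Level.ALL);
        TLS.setLevel(Level.ALL);
        TLS.setUseParentHandlers(false);
        TLS.addHandler(handler);

        // Constructed record shaped like a hexdump trace: no placeholder in the message.
        LogRecord sample = new LogRecord(Level.FINE, "Raw write");
        sample.setParameters(new Object[] {"0000: 16 03 03 00 2A (constructed bytes)"});
        TLS.log(sample);
    }
}
```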