SSLLogger.java (was Re: Code Review Request: TLS 1.3 Implementation)
Weijun Wang
weijun.wang at oracle.com
Thu Jun 7 01:10:06 UTC 2018
I assume this output is for the internal SSLLogger. I was asking what would be printed if someone only set "-Djavax.net.debug" and a System logger is used.
--Max
> On Jun 7, 2018, at 8:54 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>
>
>
> On 6/6/2018 5:46 PM, Weijun Wang wrote:
>>> On Jun 7, 2018, at 8:41 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>>
>>>
>>>
>>> On 6/6/2018 4:21 PM, Weijun Wang wrote:
>>>>> On Jun 7, 2018, at 12:27 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>>>>
>>>>> On 6/6/2018 5:41 AM, Weijun Wang wrote:
>>>>>> There are lots of calls like
>>>>>>     RSAClientKeyExchangeMessage ckem =
>>>>>>             new RSAClientKeyExchangeMessage(shc, message);
>>>>>>     if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
>>>>>>         SSLLogger.fine(
>>>>>>                 "Consuming RSA ClientKeyExchange handshake message", ckem);
>>>>>>     }
>>>>>> which finally calls to
>>>>>>     String formatted =
>>>>>>             SSLSimpleFormatter.formatParameters(params);
>>>>>>     logger.log(level, msg, formatted);
>>>>>> Now that msg contains no placeholder like "{0}", nothing on temporary will be shown.
>>>>> I did not catch you here. SSLSimpleFormatter is a package private class (SSLLogger#SSLSimpleFormatter), which does not use placeholders in msg.
>>>> I see.
>>>> BTW, at the beginning of SSLLogger, there is
>>>>     String p = GetPropertyAction.privilegedGetProperty("javax.net.debug");
>>>>     if (p != null) {
>>>>         if (p.isEmpty()) {
>>>>             property = "";
>>>>             logger = System.getLogger("javax.net.ssl");
>>>>         } else {
>>>> Will this "p.isEmpty()" ever happen? I cannot find a place where only SSLLogger.isOn is checked but not SSLLogger.isOn("something").
>>> If p.isEmpty(), SSLLogger.isOn("something") always returns true. It means that "something" (ssl, handshake, etc) is not used to control the debug level any more. Instead, the System.Logger levels (FINE, WARNING, etc) get used instead.
>> And in this case, what would
>>>>>> SSLLogger.fine(
>>>>>> "Consuming RSA ClientKeyExchange handshake message", ckem);
>> print out?
> If Level.DEBUG is enabled, the printout may look like (I use the DH ClientKeyExchange handshake message as I happen to have the debug log in hand):
>
> javax.net.ssl|DEBUG|01|main|2018-06-06 17:49:38.624 PDT|DHClientKeyExchange.java:271|Consuming DH ClientKeyExchange handshake message (
> "DH ClientKeyExchange": {
> "parameters": {
> "dh_Yc": {
> 0000: 4E 8B 14 6B E7 D6 EB BF 8C 69 C6 03 5D D0 EA 10 N..k.....i..]...
> 0010: F9 B6 37 89 B5 50 67 3B A0 3B 18 2C EE 99 87 D5 ..7..Pg;.;.,....
> 0020: D8 61 62 D1 5F 97 66 6B 27 03 19 6C 6D DE 91 07 .ab._.fk'..lm...
> 0030: E1 A8 AC D7 30 55 2C 86 A1 D1 9C 98 BF DF 83 3E ....0U,........>
> 0040: 34 1F 7C F0 AC 87 BC 5E D4 E9 99 33 2C D0 79 20 4......^...3,.y
> 0050: B5 66 12 95 84 66 50 24 5D F6 C9 1A D0 18 8C A9 .f...fP$].......
> 0060: 9A EC E5 59 5C FE 57 31 66 CE BF FD E2 61 4B 5D ...Y\.W1f....aK]
> 0070: A5 49 94 0B CC 30 BA 0A 16 D9 0A B3 19 EE 58 C7 .I...0........X.
> 0080: E4 D1 22 9E 1D 9A 43 57 D0 B8 B6 87 02 A0 42 D3 .."...CW......B.
> 0090: A1 66 EB 04 5F 5F B7 3F 1F B9 1A 23 D1 79 A6 01 .f..__.?...#.y..
> 00A0: 9F CE 65 EE CD 04 B7 1A 38 2E 2A 7B F3 0E F6 F8 ..e.....8.*.....
> 00B0: 5F D3 8F E5 5E 83 89 FD 97 17 9D C4 81 99 9A AB _...^...........
> 00C0: 83 EC E5 C5 68 0A E2 D5 CF D0 70 D9 D5 BE C4 16 ....h.....p.....
> 00D0: 37 E2 2D 86 2C 53 95 C8 D9 EE 9F E4 32 35 DE FE 7.-.,S......25..
> 00E0: D8 5D 78 BC 6E 2C 98 90 03 0B F4 CF 36 20 6E F1 .]x.n,......6 n.
> 00F0: F9 3B 05 C1 3E 17 2A 7B 11 39 6D 59 82 A8 61 9C .;..>.*..9mY..a.
> },
> }
> }
> )
>
> Xuelei
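
The gating and the placeholder question discussed in this thread, as an added example that is not part of the original messages and is not the JDK's SSLLogger code. DebugGate and render are hypothetical names; the option-matching rule for a non-empty property and the use of a java.util.logging formatter as the System.Logger backend are assumptions.

```java
import java.util.Arrays;
import java.util.Locale;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.SimpleFormatter;

// Added illustration: DebugGate is a hypothetical model, not the JDK's SSLLogger.
public class DebugGateDemo {
    static final class DebugGate {
        final String property;       // null means debugging is off
        final boolean systemLogger;  // true when the property is set but empty

        DebugGate(String p) {
            property = (p == null) ? null : p.toLowerCase(Locale.ENGLISH);
            systemLogger = (p != null && p.isEmpty());
        }

        boolean isOn() { return property != null; }

        boolean isOn(String checkPoints) {
            if (property == null) return false;
            if (systemLogger) return true;  // options ignored; logger levels decide
            // Assumption: each requested option must be named in the property.
            return Arrays.stream(checkPoints.split(","))
                         .allMatch(opt -> property.contains(opt.trim()));
        }
    }

    // What a java.util.logging formatter renders for msg plus one parameter.
    static String render(String msg, Object param) {
        LogRecord rec = new LogRecord(Level.FINE, msg);
        rec.setParameters(new Object[] { param });
        return new SimpleFormatter().formatMessage(rec);
    }

    public static void main(String[] args) {
        String opts = "ssl,handshake";
        for (String p : new String[] { null, "", "ssl", "ssl,handshake" }) {
            DebugGate g = new DebugGate(p);
            System.out.printf("javax.net.debug=%s isOn=%b isOn(\"%s\")=%b systemLogger=%b%n",
                    p, g.isOn(), opts, g.isOn(opts), g.systemLogger);
        }
        String msg = "Consuming RSA ClientKeyExchange handshake message";
        String formatted = "\"RSA ClientKeyExchange\": { ... }";  // constructed sample
        System.out.println(render(msg, formatted));            // parameter not rendered
        System.out.println(render(msg + " {0}", formatted));   // parameter rendered
    }
}
```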