SSLLogger.java (was Re: Code Review Request: TLS 1.3 Implementation)

Weijun Wang weijun.wang at oracle.com
Thu Jun 7 01:10:06 UTC 2018


I assume this output is for the internal SSLLogger. I was asking what would be printed if someone only set "-Djavax.net.debug" and a System logger is used.

--Max

> On Jun 7, 2018, at 8:54 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
> 
> 
> 
> On 6/6/2018 5:46 PM, Weijun Wang wrote:
>>> On Jun 7, 2018, at 8:41 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>> 
>>> 
>>> 
>>> On 6/6/2018 4:21 PM, Weijun Wang wrote:
>>>>> On Jun 7, 2018, at 12:27 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>>>> 
>>>>> On 6/6/2018 5:41 AM, Weijun Wang wrote:
>>>>>> There are lots of calls like
>>>>>>    RSAClientKeyExchangeMessage ckem =
>>>>>>            new RSAClientKeyExchangeMessage(shc, message);
>>>>>>    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
>>>>>>        SSLLogger.fine(
>>>>>>            "Consuming RSA ClientKeyExchange handshake message", ckem);
>>>>>>    }
>>>>>> which finally calls to
>>>>>>    String formatted =
>>>>>>         SSLSimpleFormatter.formatParameters(params);
>>>>>>    logger.log(level, msg, formatted);
>>>>>> Now that msg contains no placeholder like "{0}", nothing on temporary will be shown.
>>>>> I did not catch you here. SSLSimpleFormatter is a package private class (SSLLogger#SSLSimpleFormatter), which does not use a placeholder in msg.
>>>> I see.
>>>> BTW, at the beginning of SSLLogger, there is
>>>> String p = GetPropertyAction.privilegedGetProperty("javax.net.debug");
>>>> if (p != null) {
>>>>     if (p.isEmpty()) {
>>>>         property = "";
>>>>         logger = System.getLogger("javax.net.ssl");
>>>>     } else {
>>>> Will this "p.isEmpty()" ever happen? I cannot find a place where only SSLLogger.isOn is checked but not SSLLogger.isOn("something").
>>> If p.isEmpty(), SSLLogger.isOn("something") always returns true. It means that "something" (ssl, handshake, etc) is not used to control the debug level any more. Instead, the System.Logger levels (FINE, WARNING, etc) get used instead.
>> And in this case, what would
>>>>>>        SSLLogger.fine(
>>>>>>            "Consuming RSA ClientKeyExchange handshake message", ckem);
>> print out?
> If Level.DEBUG is enabled, the printout may look like (I use the DH ClientKeyExchange handshake message as I happen to have the debug log in hand):
> 
> javax.net.ssl|DEBUG|01|main|2018-06-06 17:49:38.624 PDT|DHClientKeyExchange.java:271|Consuming DH ClientKeyExchange handshake message (
> "DH ClientKeyExchange": {
>  "parameters": {
>    "dh_Yc": {
>      0000: 4E 8B 14 6B E7 D6 EB BF   8C 69 C6 03 5D D0 EA 10 N..k.....i..]...
>      0010: F9 B6 37 89 B5 50 67 3B   A0 3B 18 2C EE 99 87 D5 ..7..Pg;.;.,....
>      0020: D8 61 62 D1 5F 97 66 6B   27 03 19 6C 6D DE 91 07 .ab._.fk'..lm...
>      0030: E1 A8 AC D7 30 55 2C 86   A1 D1 9C 98 BF DF 83 3E ....0U,........>
>      0040: 34 1F 7C F0 AC 87 BC 5E   D4 E9 99 33 2C D0 79 20 4......^...3,.y
>      0050: B5 66 12 95 84 66 50 24   5D F6 C9 1A D0 18 8C A9 .f...fP$].......
>      0060: 9A EC E5 59 5C FE 57 31   66 CE BF FD E2 61 4B 5D ...Y\.W1f....aK]
>      0070: A5 49 94 0B CC 30 BA 0A   16 D9 0A B3 19 EE 58 C7 .I...0........X.
>      0080: E4 D1 22 9E 1D 9A 43 57   D0 B8 B6 87 02 A0 42 D3 .."...CW......B.
>      0090: A1 66 EB 04 5F 5F B7 3F   1F B9 1A 23 D1 79 A6 01 .f..__.?...#.y..
>      00A0: 9F CE 65 EE CD 04 B7 1A   38 2E 2A 7B F3 0E F6 F8 ..e.....8.*.....
>      00B0: 5F D3 8F E5 5E 83 89 FD   97 17 9D C4 81 99 9A AB _...^...........
>      00C0: 83 EC E5 C5 68 0A E2 D5   CF D0 70 D9 D5 BE C4 16 ....h.....p.....
>      00D0: 37 E2 2D 86 2C 53 95 C8   D9 EE 9F E4 32 35 DE FE 7.-.,S......25..
>      00E0: D8 5D 78 BC 6E 2C 98 90   03 0B F4 CF 36 20 6E F1 .]x.n,......6 n.
>      00F0: F9 3B 05 C1 3E 17 2A 7B   11 39 6D 59 82 A8 61 9C .;..>.*..9mY..a.
>    },
>  }
> }
> )
> 
> Xuelei
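
The question in this thread turns on how a System.Logger treats a parameter when the message carries no "{0}" placeholder. The following is an added example, not code from the thread or from the JDK's SSLLogger; it exercises the default java.util.logging backend, and the logger name "demo.ssl", the Capture handler and the sample parameter string are assumptions made for the demonstration.

```java
import java.lang.System.Logger;
import java.lang.System.Logger.Level;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Handler;
import java.util.logging.LogRecord;
import java.util.logging.SimpleFormatter;

public class PlaceholderDemo {
    // Records the message text a java.util.logging formatter renders
    // for each LogRecord, so the two calls below can be compared.
    static final class Capture extends Handler {
        final List<String> lines = new ArrayList<>();
        private final SimpleFormatter fmt = new SimpleFormatter();
        @Override public void publish(LogRecord r) { lines.add(fmt.formatMessage(r)); }
        @Override public void flush() { }
        @Override public void close() { }
    }

    public static void main(String[] args) {
        // "demo.ssl" is a made-up logger name for this example.
        java.util.logging.Logger jul =
                java.util.logging.Logger.getLogger("demo.ssl");
        Capture capture = new Capture();
        jul.setUseParentHandlers(false);           // keep console output clean
        jul.setLevel(java.util.logging.Level.ALL); // let DEBUG (FINE) through
        jul.addHandler(capture);

        // With the java.logging module present, System.getLogger is backed
        // by the java.util.logging logger of the same name.
        Logger logger = System.getLogger("demo.ssl");

        // Constructed stand-in for a pre-formatted handshake message.
        String formatted = "\"DH ClientKeyExchange\": { ... }";

        // Message without a placeholder: the parameter is attached to the
        // record, but the formatter has nowhere to substitute it.
        logger.log(Level.DEBUG, "Consuming handshake message", formatted);

        // Same call with an explicit "{0}" placeholder.
        logger.log(Level.DEBUG, "Consuming handshake message ({0})", formatted);

        capture.lines.forEach(System.out::println);
    }
}
```

With the default backend, the first call renders only the message text, while the second renders the message with the parameter substituted for "{0}".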


