SSLLogger.java (was Re: Code Review Request: TLS 1.3 Implementation)

Weijun Wang weijun.wang at oracle.com
Thu Jun 7 01:37:39 UTC 2018


But will any application use the logger named "javax.net.debug"? I think that's only for JSSE.

> On Jun 7, 2018, at 9:35 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
> 
> I see your concerns now.  Currently, we don't define the format if using System logger.  Applications can define the format and output style for themselves if needed.  That's also the purpose why we introduce the System Logger in the provider.
> 
> Xuelei
> 
> On 6/6/2018 6:10 PM, Weijun Wang wrote:
>> I assume this output is for the internal SSLLogger. I was asking what would be printed if someone only set "-Djavax.net.debug" and a System logger is used.
>> --Max
>>> On Jun 7, 2018, at 8:54 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>> 
>>> 
>>> 
>>> On 6/6/2018 5:46 PM, Weijun Wang wrote:
>>>>> On Jun 7, 2018, at 8:41 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>>>> 
>>>>> 
>>>>> 
>>>>> On 6/6/2018 4:21 PM, Weijun Wang wrote:
>>>>>>> On Jun 7, 2018, at 12:27 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>>>>>> 
>>>>>>> On 6/6/2018 5:41 AM, Weijun Wang wrote:
>>>>>>>> There are lots of calls like
>>>>>>>>    RSAClientKeyExchangeMessage ckem =
>>>>>>>>            new RSAClientKeyExchangeMessage(shc, message);
>>>>>>>>    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
>>>>>>>>        SSLLogger.fine(
>>>>>>>>            "Consuming RSA ClientKeyExchange handshake message", ckem);
>>>>>>>>    }
>>>>>>>> which finally calls to
>>>>>>>>    String formatted =
>>>>>>>>         SSLSimpleFormatter.formatParameters(params);
>>>>>>>>    logger.log(level, msg, formatted);
> >>>>>>>> Now that msg contains no placeholders like "{0}", nothing on temporary will be shown.
>>>>>>> I did not catch you here. SSLSimpleFormatter is a package private class (SSLLogger#SSLSimpleFormatter), which does not use placeholder in msg.
>>>>>> I see.
>>>>>> BTW, at the beginning of SSLLogger, there is
>>>>>> String p = GetPropertyAction.privilegedGetProperty("javax.net.debug");
>>>>>> if (p != null) {
>>>>>>     if (p.isEmpty()) {
>>>>>>         property = "";
>>>>>>         logger = System.getLogger("javax.net.ssl");
>>>>>>     } else {
> >>>>>> Will this "p.isEmpty()" ever happen? I cannot find a place where only SSLLogger.isOn is checked but not SSLLogger.isOn("something").
> >>>>> If p.isEmpty(), SSLLogger.isOn("something") always returns true.  It means that "something" (ssl, handshake, etc) is not used to control the debug level any more.  Instead, the System.Logger levels (FINE, WARNING, etc) get used instead.
>>>> And in this case, what would
>>>>>>>>        SSLLogger.fine(
>>>>>>>>            "Consuming RSA ClientKeyExchange handshake message", ckem);
>>>> print out?
> >>> If Level.DEBUG is enabled, the printout may look like (I use the DH ClientKeyExchange handshake message as I happen to have the debug log in hand):
>>> 
>>> javax.net.ssl|DEBUG|01|main|2018-06-06 17:49:38.624 PDT|DHClientKeyExchange.java:271|Consuming DH ClientKeyExchange handshake message (
>>> "DH ClientKeyExchange": {
>>>  "parameters": {
>>>    "dh_Yc": {
>>>      0000: 4E 8B 14 6B E7 D6 EB BF   8C 69 C6 03 5D D0 EA 10 N..k.....i..]...
>>>      0010: F9 B6 37 89 B5 50 67 3B   A0 3B 18 2C EE 99 87 D5 ..7..Pg;.;.,....
>>>      0020: D8 61 62 D1 5F 97 66 6B   27 03 19 6C 6D DE 91 07 .ab._.fk'..lm...
>>>      0030: E1 A8 AC D7 30 55 2C 86   A1 D1 9C 98 BF DF 83 3E ....0U,........>
>>>      0040: 34 1F 7C F0 AC 87 BC 5E   D4 E9 99 33 2C D0 79 20 4......^...3,.y
>>>      0050: B5 66 12 95 84 66 50 24   5D F6 C9 1A D0 18 8C A9 .f...fP$].......
>>>      0060: 9A EC E5 59 5C FE 57 31   66 CE BF FD E2 61 4B 5D ...Y\.W1f....aK]
>>>      0070: A5 49 94 0B CC 30 BA 0A   16 D9 0A B3 19 EE 58 C7 .I...0........X.
>>>      0080: E4 D1 22 9E 1D 9A 43 57   D0 B8 B6 87 02 A0 42 D3 .."...CW......B.
>>>      0090: A1 66 EB 04 5F 5F B7 3F   1F B9 1A 23 D1 79 A6 01 .f..__.?...#.y..
>>>      00A0: 9F CE 65 EE CD 04 B7 1A   38 2E 2A 7B F3 0E F6 F8 ..e.....8.*.....
>>>      00B0: 5F D3 8F E5 5E 83 89 FD   97 17 9D C4 81 99 9A AB _...^...........
>>>      00C0: 83 EC E5 C5 68 0A E2 D5   CF D0 70 D9 D5 BE C4 16 ....h.....p.....
>>>      00D0: 37 E2 2D 86 2C 53 95 C8   D9 EE 9F E4 32 35 DE FE 7.-.,S......25..
>>>      00E0: D8 5D 78 BC 6E 2C 98 90   03 0B F4 CF 36 20 6E F1 .]x.n,......6 n.
>>>      00F0: F9 3B 05 C1 3E 17 2A 7B   11 39 6D 59 82 A8 61 9C .;..>.*..9mY..a.
>>>    },
>>>  }
>>> }
>>> )
>>> 
>>> Xuelei
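
Added example, not part of the original thread and not JDK code: a small Java program illustrating the placeholder question raised above, using System.Logger with the default java.util.logging backend. The logger name, class name and sample parameter string are hypothetical, constructed for this demo. With this backend, the first call renders only the message text, because the message has no "{0}" placeholder; the second call renders the message followed by the parameter.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Handler;
import java.util.logging.LogRecord;
import java.util.logging.SimpleFormatter;

public class PlaceholderDemo {
    public static void main(String[] args) {
        // Hypothetical logger name, chosen for this demo only.
        String name = "example.tls.debug";

        // Capture the message text exactly as the java.util.logging
        // backend renders it (message + parameters, no timestamp prefix).
        List<String> rendered = new ArrayList<>();
        java.util.logging.Logger backend =
                java.util.logging.Logger.getLogger(name);
        backend.setUseParentHandlers(false);          // keep console quiet
        backend.setLevel(java.util.logging.Level.ALL); // let DEBUG (FINE) through
        backend.addHandler(new Handler() {
            private final SimpleFormatter formatter = new SimpleFormatter();
            @Override public void publish(LogRecord record) {
                rendered.add(formatter.formatMessage(record));
            }
            @Override public void flush() { }
            @Override public void close() { }
        });

        // System.Logger with the same name is backed by the logger above
        // when the java.logging module is present and no custom
        // LoggerFinder is installed (assumption of this demo).
        System.Logger logger = System.getLogger(name);

        // Constructed stand-in for already-formatted handshake parameters.
        String formatted = "(\"ClientKeyExchange\": { ... })";

        // Case 1: message without a placeholder, parameter passed separately.
        logger.log(System.Logger.Level.DEBUG,
                "Consuming handshake message", formatted);

        // Case 2: same call, but the message carries a {0} placeholder.
        logger.log(System.Logger.Level.DEBUG,
                "Consuming handshake message {0}", formatted);

        for (int i = 0; i < rendered.size(); i++) {
            System.out.println("case " + (i + 1) + ": " + rendered.get(i));
        }
    }
}
```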


