RFR: 8262880: Add support for the NSS Key Log Format for SSL/TLS keys

SalusaSecondus github.com+829871+salusasecondus at openjdk.java.net
Thu Mar 18 21:29:40 UTC 2021


On Thu, 11 Mar 2021 16:33:10 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> This is my implementation for [JDK-8262880](https://bugs.openjdk.java.net/browse/JDK-8262880) and enables creating an SSL/TLS key log in the standardized [NSS Key Log Format](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format). This is supported by many TLS implementations and also by several parsers such as Wireshark. Supporting this will greatly ease debugging TLS problems.
>> 
>> (Note: I am covered by the Amazon corporate contribution agreement).
>
> It is not good practice to leave secret information in the debug log. Also, it may not be a good practice to introduce a new logger format, including file and NSS format, into the SSLLogger. Someone also may want to introduce a log format for MSS or XSS as well. Instead, please consider making use of the features of Java Logger if you want to write the log to files, or use any special format.

@XueleiFan I'd really like to move this forward but I'm uncertain what changes you want me to make. This extra debugging information will be very valuable to those of us debugging Java TLS connections.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2896

