RFR: 8133816: Display extra SSLServerSocket info in debug mode
Xue-Lei Andrew Fan
xuelei at openjdk.org
Wed Aug 17 14:40:41 UTC 2022
On Wed, 3 Aug 2022 15:40:54 GMT, Weibing Xiao <duke at openjdk.org> wrote:
> Log the debugging info for server cipher suites when setting javax.net.debug == ssl, handshake.
src/java.base/share/classes/sun/security/ssl/ServerHello.java line 409:
> 407: if (shc.sslConfig.preferLocalCipherSuites) {
> 408: preferred = shc.activeCipherSuites;
> 409: proposed = clientHello.cipherSuites;
Instead of wrapping all information in one block, I may prefer to break it down and place each piece close to where it happens.
I may dump the debug log here for cipher suite preference and server activated cipher suites.
src/java.base/share/classes/sun/security/ssl/ServerHello.java line 416:
> 414:
> 415: List<CipherSuite> legacySuites = new LinkedList<>();
> 416: boolean CSFound = false;
This variable may not be necessary if the debug log has been broken down into multiple places.
src/java.base/share/classes/sun/security/ssl/ServerHello.java line 420:
> 418: if (!HandshakeContext.isNegotiable(
> 419: proposed, shc.negotiatedProtocol, cs)) {
> 420: continue;
I may add a debug log here that the cipher suite is not negotiable for the protocol.
src/java.base/share/classes/sun/security/ssl/ServerHello.java line 438:
> 436:
> 437: if (ke == null) {
> 438: continue;
I may add a debug log here that the key exchange is not good for the cipher suite and protocol.
src/java.base/share/classes/sun/security/ssl/ServerHello.java line 447:
> 445: continue;
> 446: }
> 447:
I may not remove this blank line.
src/java.base/share/classes/sun/security/ssl/ServerHello.java line 449:
> 447: SSLPossession[] hcds = ke.createPossessions(shc);
> 448: if ((hcds == null) || (hcds.length == 0)) {
> 449: continue;
I may add a debug log here that the cipher suite is legacy.
src/java.base/share/classes/sun/security/ssl/ServerHello.java line 452:
> 450: SSLLogger.fine("use cipher suite " + cs.name);
> 451: }
> 452:
I may not remove this blank line.
src/java.base/share/classes/sun/security/ssl/ServerHello.java line 461:
> 459: SSLKeyExchange ke = SSLKeyExchange.valueOf(
> 460: cs.keyExchange, shc.negotiatedProtocol);
> 461:
I may not add this extra line.
src/java.base/share/classes/sun/security/ssl/ServerHello.java line 472:
> 470:
> 471: throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
> 472: "no cipher suites in common");
As there are detailed negotiation debug logs, I may just update this line from "no cipher suites in common" to "no cipher suites or key exchange algorithms in common".
src/java.base/share/classes/sun/security/ssl/ServerHello.java line 757:
> 755: if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
> 756: printServerSocketConfig(shc, null);
> 757: }
Similarly, I may break down the debug log closer to the actions.
-------------
PR: https://git.openjdk.org/jdk/pull/9731
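
An added example, not part of the original message or the JDK source: a simplified Java model of the selection loop quoted above, with a debug log at each point where a suite is skipped, so a failed handshake can be traced to the check that rejected each suite. The `Suite` record, its fields, the logger name and the exception type are hypothetical stand-ins for the JDK's internal checks, and the sample suites are constructed.

```java
import java.util.List;
import java.util.Set;
import java.util.logging.ConsoleHandler;
import java.util.logging.Level;
import java.util.logging.Logger;

// Simplified model, not JDK code. Suite and its fields are hypothetical
// stand-ins for isNegotiable, SSLKeyExchange.valueOf and createPossessions.
public class SuiteSelectionDemo {
    record Suite(String name, Set<String> protocols, boolean keyExchange, boolean possession) {}
    static final Logger LOG = Logger.getLogger("demo.handshake");

    static Suite choose(List<Suite> active, List<Suite> offered, boolean preferLocal, String protocol) {
        List<Suite> preferred = preferLocal ? active : offered;
        List<Suite> proposed = preferLocal ? offered : active;
        LOG.fine("cipher suite preference: " + (preferLocal ? "server" : "client"));
        LOG.fine("server active cipher suites: " + active.stream().map(Suite::name).toList());
        for (Suite cs : preferred) {
            if (!proposed.contains(cs) || !cs.protocols().contains(protocol)) {
                LOG.fine(cs.name() + ": not negotiable for " + protocol);
                continue;
            }
            if (!cs.keyExchange()) {
                LOG.fine(cs.name() + ": no usable key exchange for " + protocol);
                continue;
            }
            if (!cs.possession()) {
                LOG.fine(cs.name() + ": no key or certificate for this key exchange");
                continue;
            }
            LOG.fine("use cipher suite " + cs.name());
            return cs;
        }
        // Stand-in for the fatal handshake_failure alert in the quoted code.
        throw new IllegalStateException("no cipher suites or key exchange algorithms in common");
    }

    public static void main(String[] args) {
        ConsoleHandler handler = new ConsoleHandler();
        handler.setLevel(Level.FINE);
        LOG.setLevel(Level.FINE);
        LOG.addHandler(handler);
        // Constructed sample data: one TLS 1.3-only suite, one without a key, one usable.
        Suite t13 = new Suite("TLS_AES_128_GCM_SHA256", Set.of("TLSv1.3"), true, true);
        Suite a = new Suite("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", Set.of("TLSv1.2"), true, false);
        Suite b = new Suite("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", Set.of("TLSv1.2"), true, true);
        Suite chosen = choose(List.of(t13, a, b), List.of(b, a, t13), true, "TLSv1.2");
        System.out.println("selected: " + chosen.name());
    }
}
```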