RFR: 8133816: Display extra SSLServerSocket info in debug mode

Weibing Xiao duke at openjdk.org
Thu Aug 18 13:52:17 UTC 2022


On Wed, 17 Aug 2022 14:27:15 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> Log the debugging info for server cipher suites when setting javax.net.debug == ssl, handshake.
>
> src/java.base/share/classes/sun/security/ssl/ServerHello.java line 416:
> 
>> 414: 
>> 415:             List<CipherSuite> legacySuites = new LinkedList<>();
>> 416:             boolean CSFound = false;
> 
> This variable may be not necessary if the debug log has been broken down into multiple place.

There are two failing scenarios, one is "no common cipher suite" between the client and server and the other is the failure of key exchange after the server finds the shared cipher suites with the client. We are using the flag to give the developer a more specific error message.

-------------

PR: https://git.openjdk.org/jdk/pull/9731


More information about the security-dev mailing list