RFR: 8133816: Display extra SSLServerSocket info in debug mode [v3]
Sean Coffey
coffeys at openjdk.org
Tue Aug 23 20:12:43 UTC 2022
On Thu, 18 Aug 2022 15:36:43 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> Intend to log all of the collected information in one place. It is easy for the developer to see the configuration of the server socket. Previously when the handshake is failing, no information is available for the server socket in the log file.
>
> So, do you want to make the log where the configuration happens? Logging in one place cannot have the accuracy debug log where the problem happens, and cannot easy the analysis of the debug. One just gets the configuration information, but did not get the code line numbers and processes why the information is not good. We can have all log in one place for the TLS implementation, and tell the log reader to analysis the configuration by himself, but the style was not chosen because more debug information was expected to carry in the log.
I think Weibing is trying to achieve a balance here - the current TLS logs are quite verbose. I'm not sure if we need verbose SSLServerSocket info for every server socket operation. The current approach is to print the SSLServerSocket details when a handshake fails due to a ciphersuite/keyexchange config issue
-------------
PR: https://git.openjdk.org/jdk/pull/9731
More information about the security-dev
mailing list