RFR: 8133816: Display extra SSLServerSocket info in debug mode [v3]

Xue-Lei Andrew Fan xuelei at openjdk.org
Tue Aug 23 21:52:39 UTC 2022


On Tue, 23 Aug 2022 20:03:19 GMT, Sean Coffey <coffeys at openjdk.org> wrote:

>> So, do you want to make the log where the configuration happens?  Logging in one place cannot have the accuracy debug log where the problem happens, and cannot easy the analysis of the debug.  One just gets the configuration information, but did not get the code line numbers and processes why the information is not good.  We can have all log in one place for the TLS implementation, and tell the log reader to analysis the configuration by himself, but the style was not chosen because more debug information was expected to carry in the log.
>
> I think Weibing is trying to achieve a balance here - the current TLS logs are quite verbose. I'm not sure if we need verbose SSLServerSocket info for every server socket operation. The current approach is to print the SSLServerSocket details when a handshake fails due to a ciphersuite/keyexchange config issue

Thanks for the comments.  I'm not sure if it is really helpful for developers to understand and debug the failure by reading the additionally dumped cipher suites and/or key exchange configuration.  Given the server cipher suites TLS_AES_128_GCM_SHA256, can one really know the failure reason exactly?

-------------

PR: https://git.openjdk.org/jdk/pull/9731


More information about the security-dev mailing list