RFR: 8133816: Display extra SSLServerSocket info in debug mode [v3]

Weibing Xiao duke at openjdk.org
Wed Aug 24 20:41:34 UTC 2022


On Tue, 23 Aug 2022 21:48:46 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> I think Weibing is trying to achieve a balance here - the current TLS logs are quite verbose. I'm not sure if we need verbose SSLServerSocket info for every server socket operation. The current approach is to print the SSLServerSocket details when a handshake fails due to a ciphersuite/keyexchange config issue.
>
> Thanks for the comments.  I'm not sure if it is really helpful for developers to understand and debug the failure by reading the additionally dumped cipher suites and/or key exchange configuration.  Given the server cipher suites TLS_AES_128_GCM_SHA256, can one really know the failure reason exactly?

The cipher suite enabled on the server side is not logged when the "no common in cipher suites" error is thrown. Hope the developer could find the difference in the cipher suites between client and server.

-------------

PR: https://git.openjdk.org/jdk/pull/9731


