RFR: 8044609: javax.net.debug options not working and documented as expected [v4]
Sean Coffey
coffeys at openjdk.org
Mon Jul 15 13:39:27 UTC 2024
> The `javax.net.debug` TLS debug option is buggy since TLSv1.3 implementation was introduced many years ago.
>
> Where "ssl" was previously a value to obtain all TLS debug traces (except network type dumps, verbose data), it now prints only a few lines for a standard client TLS connection.
>
> The property parsing was also lax and allowed users to declare verbose logging options by themselves where the documentation stated that such verbose options were only meant to be used in conjunction with other TLS options :
>
>
> System.err.println("help print the help messages");
> System.err.println("expand expand debugging information");
> System.err.println();
> System.err.println("all turn on all debugging");
> System.err.println("ssl turn on ssl debugging");
> System.err.println();
> System.err.println("The following can be used with ssl:");
> System.err.println("\trecord enable per-record tracing");
> System.err.println("\thandshake print each handshake message");
> System.err.println("\tkeygen print key generation data");
> System.err.println("\tsession print session activity");
> System.err.println("\tdefaultctx print default SSL initialization");
> System.err.println("\tsslctx print SSLContext tracing");
> System.err.println("\tsessioncache print session cache tracing");
> System.err.println("\tkeymanager print key manager tracing");
> System.err.println("\ttrustmanager print trust manager tracing");
> System.err.println("\tpluggability print pluggability tracing");
> System.err.println();
> System.err.println("\thandshake debugging can be widened with:");
> System.err.println("\tdata hex dump of each handshake message");
> System.err.println("\tverbose verbose handshake message printing");
> System.err.println();
> System.err.println("\trecord debugging can be widened with:");
> System.err.println("\tplaintext hex dump of record plaintext");
> System.err.println("\tpacket print raw SSL/TLS packets");
>
>
> as part of this patch, I've also moved the log call to the more performant friendly `System.Logger#log(java.lang.System.Logger.Level,java.util.function.Supplier)` method.
>
> the output has changed slightly with respect to that - less verbose
>
> e.g. old style:
>
>
> javax.net.ssl|DEBUG|10|main|2024-04-12 15:47:24.302 GMT|SSLSocketOut...
Sean Coffey has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains ten additional commits since the last revision:
- Merge branch 'master' into 8044609-ssl
- Merge branch 'master' into 8044609-ssl
- all ssl mode only if ssl specified by itself
- Merge branch 'master' into 8044609-ssl
- indentation
- Allow ssl,<option> type syntax as currently done. Improve test case coverage
- Tighten up ssl parsing
- remove file
- Initial commit
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/18764/files
- new: https://git.openjdk.org/jdk/pull/18764/files/1c4250ab..e7d42d4d
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=18764&range=03
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=18764&range=02-03
Stats: 123607 lines in 2810 files changed: 78066 ins; 31437 del; 14104 mod
Patch: https://git.openjdk.org/jdk/pull/18764.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/18764/head:pull/18764
PR: https://git.openjdk.org/jdk/pull/18764
More information about the security-dev
mailing list