RFR: 8366364: Address inconsistencies in SSLParameters object returned by SSLConfiguration#getSSLParameters() call [v3]
Jamil Nimeh
jnimeh at openjdk.org
Tue Oct 28 20:27:25 UTC 2025
On Tue, 28 Oct 2025 19:54:28 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/SignatureScheme.java line 427:
>>
>>> 425: var ss = SignatureScheme.nameOf(name);
>>> 426: if (ss == null && SSLLogger.isOn
>>> 427: && SSLLogger.isOn("ssl,handshake")) {
>>
>> Do you need both `SSLLogger.isOn` and the isOn check for ssl,handshake? The latter check appears to only return true if it is both on and those flags have been set.
>
> Good catch! That's how we do it throughout SSL code and I just followed that :) Coincidently, I recently was thinking why we need to do all this checks every time we log instead of specifying the log options as a parameter, and here I have just found `SSLLogger.logWarning` method that does just that.
I agree, it would be nice to at least have a single method that does the enabled-or-not checking and can have the look and feel of either a println or a format. But that's something to be done in another fix. If you want to leave it as-is to follow convention I'm fine with that, and we can examine a friendlier way to do logging separately.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27961#discussion_r2470938885
More information about the security-dev
mailing list