RFR: 8044609: javax.net.debug options not working and documented as expected [v20]

Sean Coffey coffeys at openjdk.org
Tue Sep 16 12:49:17 UTC 2025 

On Fri, 12 Sep 2025 01:08:21 GMT, Bradford Wetmore <wetmore at openjdk.org> wrote:

>> Sean Coffey has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Further review comments, copyright years also
>
> src/java.base/share/classes/sun/security/ssl/SSLLogger.java line 217:
> 
>> 215:                 "print each handshake message");
>> 216:         System.err.printf("      %-12s   %s%n", "verbose",
>> 217:                 "-verbose handshake message printing (widens handshake)");
> 
> Minor nit.  Having "-" at the beginning of the textual description on these "wideners" looks odd to my eye.  "-" are usually for in front of the command args.  e.g.  
> 
>     The following filters can be used with ssl:
>         ....
>         handshake      print each handshake message
>           verbose        -verbose handshake message printing (widens handshake)
>         record         enable per-record tracing
>           packet         -print raw SSL/TLS packets (widens record)
>           plaintext      -hex dump of record plaintext (widens record)

Thanks Brad. I remove the "-"

> src/java.base/share/classes/sun/security/ssl/SSLLogger.java line 236:
> 
>> 234:         System.err.printf("    %-14s %s%n", "trustmanager",
>> 235:                 "print trust manager tracing");
>> 236:         System.err.println();
> 
> Do we want to include something like this at the bottom?:
> 
>> Adding filters to "ssl" will filter log messages to include just those categories.  If "ssl" is specified by itself, all non-widening filters are enabled.

how about this ?


help             print this help message and exit
expand           expanded (less compact) output format

all              turn on all debugging
ssl              turn on ssl debugging

The following filters can be used with ssl:
    defaultctx     print default SSL initialization
    handshake      print each handshake message
      verbose        verbose handshake message printing (widens handshake)
    keymanager     print key manager tracing
    record         enable per-record tracing
      packet         print raw SSL/TLS packets (widens record)
      plaintext      hex dump of record plaintext (widens record)
    respmgr        print OCSP response tracing
    session        print session activity
    sessioncache   print session cache tracing
    sslctx         print SSLContext tracing
    trustmanager   print trust manager tracing

Adding valid filter options to "ssl" will log messages to include
just those filtered categories.

If "ssl" is specified by itself, all non-widening filters are enabled.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18764#discussion_r2352175500
PR Review Comment: https://git.openjdk.org/jdk/pull/18764#discussion_r2352171473

More information about the security-dev mailing list