RFR: 8044609: javax.net.debug options not working and documented as expected [v27]
Bradford Wetmore
wetmore at openjdk.org
Thu Feb 5 20:21:54 UTC 2026
On Wed, 4 Feb 2026 15:59:33 GMT, Sean Coffey <coffeys at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLLogger.java line 239:
>>
>>> 237: " all non-widening filters are enabled.%n%n");
>>> 238: System.err.printf("%nAdding valid filter options to \"ssl\" will log" +
>>> 239: " messages to include%njust those filtered categories.%n");
>>
>> So the intended behavior is the following:
>>
>> If we have code like this:
>>
>>> if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
>>
>> then setting `javax.net.debug=ssl` or `ssl,trustmanager`, it will always output this logging statement.
>>
>> But if we have code like this:
>>
>>> if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
>>
>> then `javax.net.debug=ssl` will output this (because only `ssl` was enabled), but `javax.net.debug=ssl,keymanager` will not. That's because `keymanager` is a valid name, thus only the `SSL` and `KEYMANAGER` options will print).
>>
>> So we need to make sure that everything `SSL` and non-`SSL` is categorized correctly, which will be the focus of [JDK-8344158](https://bugs.openjdk.org/browse/JDK-8344158).
>>
>> The wording here needs a slight update, and I'm not quite sure how to word this. Ideas? :)
>>
>> Adding valid filter options to ssl will output the high-level SSL/TLS debug
>> messages, plus only those messages in the specified categories.
>
> yes, that's the logic in use now. The sub-component options need to be regarded as filters.
>
> regards the wording, it's hard to chose the best description. What's there accurate in some respect.
> How about:
>
> `Specifying filter options with "ssl" includes messages for the selected categories, as well as all general SSL debug messages.`
Maybe:
`Specifying filter options with "ssl" only includes messages for the selected categories, plus the general SSL debug messages.`
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18764#discussion_r2770980414
More information about the security-dev
mailing list