RFR: 8044609: javax.net.debug options not working and documented as expected [v26]

Wed Jan 28 16:23:11 UTC 2026

On Tue, 27 Jan 2026 11:44:06 GMT, Sean Coffey <coffeys at openjdk.org> wrote:

>> The `javax.net.debug` TLS debug option is buggy since TLSv1.3 implementation was introduced many years ago.
>> 
>> Where "ssl" was previously a value to obtain all TLS debug traces (except network type dumps, verbose data), it now prints only a few lines for a standard client TLS connection. 
>> 
>> The property parsing was also lax and allowed users to declare verbose logging options by themselves where the documentation stated that such verbose options were only meant to be used in conjunction with other TLS options :
>> 
>> 
>>         System.err.println("help           print the help messages");
>>         System.err.println("expand         expand debugging information");
>>         System.err.println();
>>         System.err.println("all            turn on all debugging");
>>         System.err.println("ssl            turn on ssl debugging");
>>         System.err.println();
>>         System.err.println("The following can be used with ssl:");
>>         System.err.println("\trecord       enable per-record tracing");
>>         System.err.println("\thandshake    print each handshake message");
>>         System.err.println("\tkeygen       print key generation data");
>>         System.err.println("\tsession      print session activity");
>>         System.err.println("\tdefaultctx   print default SSL initialization");
>>         System.err.println("\tsslctx       print SSLContext tracing");
>>         System.err.println("\tsessioncache print session cache tracing");
>>         System.err.println("\tkeymanager   print key manager tracing");
>>         System.err.println("\ttrustmanager print trust manager tracing");
>>         System.err.println("\tpluggability print pluggability tracing");
>>         System.err.println();
>>         System.err.println("\thandshake debugging can be widened with:");
>>         System.err.println("\tdata         hex dump of each handshake message");
>>         System.err.println("\tverbose      verbose handshake message printing");
>>         System.err.println();
>>         System.err.println("\trecord debugging can be widened with:");
>>         System.err.println("\tplaintext    hex dump of record plaintext");
>>         System.err.println("\tpacket       print raw SSL/TLS packets");
>> 
>> 
>> as part of this patch, I've also moved the log call to the more performant friendly `System.Logger#log(java.lang.System.Logger.Level,java.util.function.Supplier)` method. 
>> 
>> the output has changed slightly with respect to that  - less verbose
>> 
>> e.g. old...
>
> Sean Coffey has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 48 commits:
> 
>  - correct NamedGroup.java merge
>  - Merge branch 'master' into 8044609-ssl
>  - fix up test bug ID
>  - fix up files post merge
>  - Merge branch 'master' into 8044609-ssl
>  - prep for isOn() merge
>  - Merge branch 'master' into 8044609-ssl
>  - Merge branch 'master' into 8044609-ssl
>  - Merge branch 'master' into 8044609-ssl
>  - Incorporate review comments from Brad
>  - ... and 38 more: https://git.openjdk.org/jdk/compare/c69275dd...6b5c692c

Thanks for the review comments to date Brad. I've fixed up most issues that you highlighted - left comments inline.

-------------

PR Review: https://git.openjdk.org/jdk/pull/18764#pullrequestreview-3717613276