JDK / JDK-8044609

javax.net.debug "ssl" options are not working and documented as expected.

    Details

    • Type: Bug
    • Status: Open
    • Priority: P3
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 13
    • Component/s: security-libs
    • Labels: None

      Description

      Updated 2018/09/05:

      While looking over the JSSE docs for JDK 11, I noticed that our debugging output and docs need work. Here's the current state I noticed.

      1. The pluggability keyword should be removed from the usage help message.
      2. The sessioncache keyword is no longer used. Our impl should be updated to report when sessions are managed.
      3. The keygen keyword is no longer used, and our impl should be updated when keys are generated.
      4. The respmgr (response manager) keyword is used, but never defined in the usage.

      The remainder is historical information.

      We are trying to produce guidelines for reducing the amount of JSSE debug data output. "all" is our general recommendation, but there are occasions when smaller amounts of data are useful. Our current documentation says:

      % java -Djavax.net.debug=help MyClass

      says:

      all            turn on all debugging
      ssl            turn on ssl debugging

      The following can be used with ssl:
          record         enable per-record tracing
          handshake      print each handshake message
          keygen         print key generation data
          session        print session activity
          defaultctx     print default SSL initialization
          sslctx         print SSLContext tracing
          sessioncache   print session cache tracing
          keymanager     print key manager tracing
          trustmanager   print trust manager tracing
          pluggability   print pluggability tracing

      handshake debugging can be widened with:
          data           hex dump of each handshake message
          verbose        verbose handshake message printing

      record debugging can be widened with:
          plaintext      hex dump of record plaintext
          packet         print raw SSL/TLS packets

      Our usage pattern is like this:

          static final Debug debug = Debug.getInstance("ssl");

          if (debug != null && Debug.isOn("verbose")) {
              // emit the verbose handshake output here
          }

      Once "ssl" is turned on, all of the following options are turned on by default and there is no way to turn them off:

          record         enable per-record tracing
          handshake      print each handshake message
          keygen         print key generation data
          session        print session activity
          defaultctx     print default SSL initialization
          sslctx         print SSLContext tracing
          sessioncache   print session cache tracing
          keymanager     print key manager tracing
          trustmanager   print trust manager tracing
          pluggability   print pluggability tracing
          verbose        verbose handshake message printing

      This is not at all what I was expecting.

      For fixing, we could add a "+" "-" option to turn on/off, and leave the current values in place.
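
The behaviour described in this report and the proposed "+"/"-" switches, modelled as an added example; this is not the JDK's own code. The class name `DebugOptionModel`, the ":" or "," token separator, the rule that an explicit "-" wins, and the treatment of options outside the listed defaults as off unless named are all assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Added illustration: a stand-alone model, not the JDK's sun.security.ssl code.
public class DebugOptionModel {
    // Options the report lists as forced on once "ssl" is set.
    static final Set<String> SSL_DEFAULTS = new HashSet<>(Arrays.asList(
        "record", "handshake", "keygen", "session", "defaultctx", "sslctx",
        "sessioncache", "keymanager", "trustmanager", "pluggability", "verbose"));

    // Behaviour as described in the report: "ssl" alone enables every default.
    static boolean currentIsOn(String property, String option) {
        Set<String> tokens = tokens(property);
        if (tokens.contains("all")) return true;
        if (tokens.contains("ssl") && SSL_DEFAULTS.contains(option)) return true;
        return tokens.contains(option);
    }

    // Assumed syntax for the proposed fix: "-opt" removes a default, "+opt" adds one.
    static boolean proposedIsOn(String property, String option) {
        Set<String> tokens = tokens(property);
        if (tokens.contains("-" + option)) return false;   // explicit off wins
        if (tokens.contains("+" + option)) return true;
        return currentIsOn(property, option);               // current values stay in place
    }

    // Assumption: sub-options are separated by ':' or ','.
    static Set<String> tokens(String property) {
        if (property == null) return new HashSet<>();
        return new HashSet<>(Arrays.asList(
            property.toLowerCase(Locale.ENGLISH).split("[:,]")));
    }

    public static void main(String[] args) {
        String[] probes = {"handshake", "verbose", "keygen", "data"};
        // Constructed sample property values.
        for (String prop : new String[] {"ssl", "ssl:-verbose:-keygen:+data"}) {
            for (String opt : probes) {
                System.out.printf("%-28s %-10s current=%-5b proposed=%b%n",
                    prop, opt, currentIsOn(prop, opt), proposedIsOn(prop, opt));
            }
        }
    }
}
```

With the second sample value, the model of the current behaviour still reports `verbose` and `keygen` as on, which is the lack of an off switch the report describes.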

              People

              • Assignee: Bradford Wetmore (wetmore)
              • Reporter: Bradford Wetmore (wetmore)