Details
- Bug
- Resolution: Unresolved
- P3
- None
- None
- generic
- generic
Description
Updated 2018/09/05:
While looking over the JSSE docs for JDK 11, I noticed that our debugging output and docs need work. Here's the current state I noticed.
1. The pluggability keyword should be removed from the usage help message.
2. The sessioncache keyword is no longer used. Our impl should be updated to report when sessions are managed.
3. The keygen keyword is no longer used, and our impl should be updated when keys are generated.
4. The respmgr (response manager) keyword is used, but never defined in the usage.
The remainder is historical information.
We are trying to produce guidelines for reducing the amount of JSSE debug data output. "all" is our general recommendation, but there are occasions when smaller amounts of data are useful. Our current documentation says:
    % java -Djavax.net.debug=help MyClass
says:
    all            turn on all debugging
    ssl            turn on ssl debugging
    The following can be used with ssl:
        record       enable per-record tracing
        handshake    print each handshake message
        keygen       print key generation data
        session      print session activity
        defaultctx   print default SSL initialization
        sslctx       print SSLContext tracing
        sessioncache print session cache tracing
        keymanager   print key manager tracing
        trustmanager print trust manager tracing
        pluggability print pluggability tracing
        handshake debugging can be widened with
        data         hex dump of each handshake message
        verbose      verbose handshake message printing
        record debugging can be widened with:
        plaintext    hex dump of record plaintext
        packet       print raw SSL/TLS packets
Our usage pattern is like this:
    static final Debug debug = Debug.getInstance("ssl");
    if (debug != null && Debug.isOn("verbose")) {
Once "ssl" is turned on, all of the following options are turned on by default and there is no way to turn them off:
    record       enable per-record tracing
    handshake    print each handshake message
    keygen       print key generation data
    session      print session activity
    defaultctx   print default SSL initialization
    sslctx       print SSLContext tracing
    sessioncache print session cache tracing
    keymanager   print key manager tracing
    trustmanager print trust manager tracing
    pluggability print pluggability tracing
    verbose      verbose handshake message printing
This is not at all what I was expecting.
For fixing, we could add a "+" "-" option to turn on/off, and leave the current values in place.
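A small model of the option handling this report describes, with the suggested "+"/"-" switches beside it. This is an added example, not JDK source: the class name, the `+name`/`-name` token syntax and the ":"/"," separators are assumptions, and "all" is read as enabling every keyword in the help text.

```java
import java.util.*;

// Added illustration: models the behaviour described in this report. Not JDK source.
public class JsseDebugModel {
    // Sub-options the report lists as forced on once "ssl" is present.
    static final List<String> IMPLIED = List.of("record", "handshake", "keygen", "session",
            "defaultctx", "sslctx", "sessioncache", "keymanager", "trustmanager",
            "pluggability", "verbose");
    // Widening options from the help text: the ones that hex-dump handshake or record data.
    static final List<String> WIDENING = List.of("data", "plaintext", "packet");

    // Assumed separators: ':' , ',' and whitespace.
    static List<String> tokens(String prop) {
        if (prop == null) return List.of();
        return Arrays.asList(prop.toLowerCase(Locale.ROOT).split("[:,\\s]+"));
    }

    // Behaviour as reported: "ssl" alone switches on every IMPLIED option.
    static Set<String> reported(String prop) {
        List<String> t = tokens(prop);
        Set<String> on = new TreeSet<>();
        if (!t.contains("ssl") && !t.contains("all")) return on;
        on.addAll(IMPLIED);
        for (String w : WIDENING) if (t.contains("all") || t.contains(w)) on.add(w);
        return on;
    }

    // Hypothetical "+"/"-" syntax: current defaults stay, "-x" removes x, "+x" adds x.
    static Set<String> proposed(String prop) {
        if (prop == null) return new TreeSet<>();
        Set<String> on = reported(prop.replace("+", ""));
        for (String t : tokens(prop)) if (t.startsWith("-")) on.remove(t.substring(1));
        return on;
    }

    public static void main(String[] args) {
        // Constructed sample property values.
        String[] samples = {"ssl:handshake", "ssl:handshake:data", "ssl:-verbose:-record:+packet"};
        for (String p : samples) {
            Set<String> now = reported(p), later = proposed(p);
            System.out.println("javax.net.debug=" + p);
            System.out.println("  as reported: " + now.size() + " options " + now);
            System.out.println("  with +/-   : " + later.size() + " options " + later);
            // Flag settings that would write traffic or handshake bytes into the log.
            System.out.println("  dumps traffic: " + !Collections.disjoint(later, WIDENING));
        }
    }
}
```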
Issue Links
- csr for: JDK-8330987 javax.net.debug options not working and documented as expected (Draft)
- duplicates: JDK-8210430 Update SSL debug tracing option help (Closed)
- links to: Review(master) openjdk/jdk/18764