Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8210474

New JSSE Debugging output needs work

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: P3 P3
    • None
    • 11
    • security-libs
    • None

      The debugging in general is generating confusing debug info:

      javax.net.ssl|ALL|01|main|2018-09-06 14:29:55.891 PDT|SSLEngineImpl.java:743|Closing outbound of SSLEngine
      javax.net.ssl|DEBUG|01|main|2018-09-06 14:22:14.368 PDT|SSLEngineOutputRecord.java:507|WRITE: TLS13 alert, length = 2
      javax.net.ssl|DEBUG|01|main|2018-09-06 14:22:14.384 PDT|SSLCipher.java:2020|Plaintext before ENCRYPTION (
        0000: 01 00 15 ...
      )
      ...deleted...
      javax.net.ssl|DEBUG|01|main|2018-09-06 15:30:19.251 PDT|SSLEngineInputRecord.java:177|Raw read (
        0000: 17 03 03 00 13 11 97 FA B6 F2 47 51 37 80 B7 93 ..........GQ7...
        0010: FC 8F C8 25 24 7F 79 B6 ...%$.y.
      )
      javax.net.ssl|DEBUG|01|main|2018-09-06 15:30:19.251 PDT|SSLEngineInputRecord.java:214|READ: TLSv1.2 application_data, length = 19
      javax.net.ssl|DEBUG|01|main|2018-09-06 15:30:19.252 PDT|SSLCipher.java:1915|Plaintext after DECRYPTION (
        0000: 01 00 ..
      )
      javax.net.ssl|DEBUG|01|main|2018-09-06 15:30:19.261 PDT|Alert.java:232|Received alert message (
      "Alert": {
        "level" : "warning",
        "description": "close_notify"
      }
      )

      Note that:

          1. The outbound TLS13 alert is 2 bytes, but doesn't say what it is. No warning/fatal level and alert number/description
          2. The Plaintext before Encryption is 3 bytes. I figured out that it's because of the way plaintext is enciphered, but as someone debugging, this is very hard to follow why we suddenly have 3 bytes here.
          3. The inbound plaintext message has 2 bytes, which doesn't match the three bytes above.

      More generally, we used to have the following style for debugging crypto/handshake/etc. problems. Can we please have it back?

      Handshake message
      full plaintext message before encryption
      raw/full write generated

      e.g.
      *** Finished
      verify_data: { 119, 217, 11, 203, 185, 129, 21, 215, 87, 28, 118, 121 }
      ***
      main, WRITE: TLSv1.2 Handshake, length = 16
      Padded plaintext before ENCRYPTION: len = 16
      0000: 14 00 00 0C 77 D9 0B CB B9 81 15 D7 57 1C 76 79 ....w.......W.vy
      [Raw write]: length = 45
      0000: 16 03 03 00 28 00 00 00 00 00 00 00 00 C4 82 50 ....(..........P
      0010: 2F D4 BA A9 81 38 4A AC DA 14 F8 2E 88 E0 14 ED /....8J.........
      0020: 64 84 E2 6B 68 F2 D6 C5 8C 11 A2 D1 0D d..kh........

      ...and...

      raw/full read generated
      full plaintext message after decryption
      parsed Handshake message

      e.g.
      [Raw read]: length = 45
      0000: 16 03 03 00 28 00 00 00 00 00 00 00 00 C4 82 50 ....(..........P
      0010: 2F D4 BA A9 81 38 4A AC DA 14 F8 2E 88 E0 14 ED /....8J.........
      0020: 64 84 E2 6B 68 F2 D6 C5 8C 11 A2 D1 0D d..kh........
      main, READ: TLSv1.2 Handshake, length = 40
      Padded plaintext after DECRYPTION: len = 16
      0000: 14 00 00 0C 77 D9 0B CB B9 81 15 D7 57 1C 76 79 ....w.......W.vy
      *** Finished
      verify_data: { 119, 217, 11, 203, 185, 129, 21, 215, 87, 28, 118, 121 }
      ***

        There are no Sub-Tasks for this issue.

            wetmore Bradford Wetmore
            wetmore Bradford Wetmore
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: