On Tue, 15 Oct 2024 15:01:28 GMT, Sean Coffey <[email protected]> wrote:
>> The `javax.net.debug` TLS debug option is buggy since TLSv1.3 implementation
>> was introduced many years ago.
>>
>> Where "ssl" was previously a value to obtain all TLS debug traces (except
>> network type dumps, verbose data), it now prints only a few lines for a
>> standard client TLS connection.
>>
>> The property parsing was also lax and allowed users to declare verbose
>> logging options by themselves where the documentation stated that such
>> verbose options were only meant to be used in conjunction with other TLS
>> options:
>>
>>
>> System.err.println("help print the help messages");
>> System.err.println("expand expand debugging information");
>> System.err.println();
>> System.err.println("all turn on all debugging");
>> System.err.println("ssl turn on ssl debugging");
>> System.err.println();
>> System.err.println("The following can be used with ssl:");
>> System.err.println("\trecord enable per-record tracing");
>> System.err.println("\thandshake print each handshake message");
>> System.err.println("\tkeygen print key generation data");
>> System.err.println("\tsession print session activity");
>> System.err.println("\tdefaultctx print default SSL initialization");
>> System.err.println("\tsslctx print SSLContext tracing");
>> System.err.println("\tsessioncache print session cache tracing");
>> System.err.println("\tkeymanager print key manager tracing");
>> System.err.println("\ttrustmanager print trust manager tracing");
>> System.err.println("\tpluggability print pluggability tracing");
>> System.err.println();
>> System.err.println("\thandshake debugging can be widened with:");
>> System.err.println("\tdata hex dump of each handshake message");
>> System.err.println("\tverbose verbose handshake message printing");
>> System.err.println();
>> System.err.println("\trecord debugging can be widened with:");
>> System.err.println("\tplaintext hex dump of record plaintext");
>> System.err.println("\tpacket print raw SSL/TLS packets");
>>
>>
>> As part of this patch, I've also moved the log call to the more
>> performance-friendly
>> `System.Logger#log(java.lang.System.Logger.Level,java.util.function.Supplier)`
>> method.
>>
>> The output has changed slightly with respect to that - less verbose
>>
>> e.g. old...
>
> Sean Coffey has updated the pull request with a new target base due to a
> merge or a rebase. The pull request now contains 13 commits:
>
> - Merge branch 'master' into 8044609-ssl
> - update test to comply with new debug output requirements
> - Remove pluggability help reference
> - Merge branch 'master' into 8044609-ssl
> - Merge branch 'master' into 8044609-ssl
> - Merge branch 'master' into 8044609-ssl
> - all ssl mode only if ssl specified by itself
> - Merge branch 'master' into 8044609-ssl
> - indentation
> - Allow ssl,<option> type syntax as currently done. Improve test case
> coverage
> - ... and 3 more: https://git.openjdk.org/jdk/compare/6ed6dff2...c44d524c

Two minor copyright changes.

test/jdk/sun/security/ssl/SSLEngineImpl/SSLEngineKeyLimit.java line 115:

> 113: "-Dtest.src=" + System.getProperty("test.src") +
> 114: " -Dtest.jdk=" + System.getProperty("test.jdk") +
> 115: " -Djavax.net.debug=ssl" +

Copyright Date update.

test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketKeyLimit.java line 131:

> 129: "-Dtest.src=" + System.getProperty("test.src") +
> 130: " -Dtest.jdk=" + System.getProperty("test.jdk") +
> 131: " -Djavax.net.debug=ssl" +

Copyright update 2024.

-------------
PR Review: https://git.openjdk.org/jdk/pull/18764#pullrequestreview-2422920593
PR Review Comment: https://git.openjdk.org/jdk/pull/18764#discussion_r1833848918
PR Review Comment: https://git.openjdk.org/jdk/pull/18764#discussion_r1833852041
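
A small model of the option rules in the quoted help text, added here as an illustration; it is not the JDK's `SSLLogger` code and not part of the pull request. The class name `DebugOptionModel`, comma-only splitting, and throwing on an invalid combination are assumptions; `all`, `help` and `expand` are not modelled.

```java
import java.util.*;

// Illustrative model only; NOT the JDK's SSLLogger implementation.
// Assumptions: tokens are comma-separated; invalid combinations throw.
public class DebugOptionModel {
    // Categories the help text lists under "The following can be used with ssl".
    // "pluggability" is left out because the commit list removes its help reference.
    static final Set<String> CATEGORIES = Set.of("record", "handshake", "keygen",
            "session", "defaultctx", "sslctx", "sessioncache", "keymanager", "trustmanager");

    // Widening option -> the category it widens, per the help text.
    static final Map<String, String> WIDENERS = Map.of("data", "handshake",
            "verbose", "handshake", "plaintext", "record", "packet", "record");

    // Returns the enabled trace options, or throws for a combination the help text rules out.
    static Set<String> resolve(String property) {
        Set<String> tokens = new LinkedHashSet<>(
                Arrays.asList(property.toLowerCase(Locale.ROOT).trim().split("\\s*,\\s*")));
        if (!tokens.remove("ssl")) {
            throw new IllegalArgumentException("sub-options are only valid with ssl: " + property);
        }
        if (tokens.isEmpty()) {
            return new TreeSet<>(CATEGORIES);   // "ssl" by itself: every category, no hex dumps
        }
        Set<String> enabled = new TreeSet<>();
        for (String t : tokens) {
            String parent = WIDENERS.get(t);
            if (parent != null && !tokens.contains(parent)) {
                throw new IllegalArgumentException(t + " requires " + parent);
            }
            if (parent == null && !CATEGORIES.contains(t)) {
                throw new IllegalArgumentException("unknown option: " + t);
            }
            enabled.add(t);
        }
        return enabled;
    }

    public static void main(String[] args) {
        // Constructed sample values for -Djavax.net.debug
        for (String p : List.of("ssl", "ssl,handshake,verbose", "ssl,verbose", "verbose")) {
            try {
                System.out.println(p + " -> " + resolve(p));
            } catch (IllegalArgumentException e) {
                System.out.println(p + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```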