> The `javax.net.debug` TLS debug option is buggy since TLSv1.3 implementation
> was introduced many years ago.
>
> Where "ssl" was previously a value to obtain all TLS debug traces (except
> network type dumps, verbose data), it now prints only a few lines for a
> standard client TLS connection.
>
> The property parsing was also lax and allowed users to declare verbose
> logging options by themselves where the documentation stated that such
> verbose options were only meant to be used in conjunction with other TLS
> options :
>
>
> System.err.println("help print the help messages");
> System.err.println("expand expand debugging information");
> System.err.println();
> System.err.println("all turn on all debugging");
> System.err.println("ssl turn on ssl debugging");
> System.err.println();
> System.err.println("The following can be used with ssl:");
> System.err.println("\trecord enable per-record tracing");
> System.err.println("\thandshake print each handshake message");
> System.err.println("\tkeygen print key generation data");
> System.err.println("\tsession print session activity");
> System.err.println("\tdefaultctx print default SSL initialization");
> System.err.println("\tsslctx print SSLContext tracing");
> System.err.println("\tsessioncache print session cache tracing");
> System.err.println("\tkeymanager print key manager tracing");
> System.err.println("\ttrustmanager print trust manager tracing");
> System.err.println("\tpluggability print pluggability tracing");
> System.err.println();
> System.err.println("\thandshake debugging can be widened with:");
> System.err.println("\tdata hex dump of each handshake
> message");
> System.err.println("\tverbose verbose handshake message
> printing");
> System.err.println();
> System.err.println("\trecord debugging can be widened with:");
> System.err.println("\tplaintext hex dump of record plaintext");
> System.err.println("\tpacket print raw SSL/TLS packets");
>
>
> as part of this patch, I've also moved the log call to the more performant
> friendly
> `System.Logger#log(java.lang.System.Logger.Level,java.util.function.Supplier)`
> method.
>
> the output has changed slightly with respect to that - less verbose
>
> e.g. old style:
>
>
> javax.net.ssl|DEBUG|10|main|2024-04-12 15:47:24.302 GMT|SSLSocketOut...
Sean Coffey has updated the pull request with a new target base due to a merge
or a rebase. The pull request now contains 40 commits:
- Merge branch 'master' into 8044609-ssl
- Incorporate review comments from Brad
- Merge branch 'master' into 8044609-ssl
- Further review comments, copyright years also
- Initial review comments from Brad
- Merge branch 'master' into 8044609-ssl
- 1 file omitted during merge
- Merge branch 'master' into 8044609-ssl
- Merge branch 'master' into 8044609-ssl
- Merge branch 'master' into 8044609-ssl
- ... and 30 more: https://git.openjdk.org/jdk/compare/47efe3c7...4d4af430
-------------
Changes: https://git.openjdk.org/jdk/pull/18764/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=18764&range=21
Stats: 1332 lines in 84 files changed: 483 ins; 87 del; 762 mod
Patch: https://git.openjdk.org/jdk/pull/18764.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/18764/head:pull/18764
PR: https://git.openjdk.org/jdk/pull/18764
