Using JVM flag -Djavax.net.debug=ssl is producing a tremendous amount of logging, the details for every SSL event on the server. Is there any way to only have it log errors? Or possibly there is some better subset of these flags that produces tidier output?
    all            turn on all debugging
    ssl            turn on ssl debugging

    The following can be used with ssl:
        record          enable per-record tracing
        handshake       print each handshake message
        keygen          print key generation data
        session         print session activity
        defaultctx      print default SSL initialization
        sslctx          print SSLContext tracing
        sessioncache    print session cache tracing
        keymanager      print key manager tracing
        trustmanager    print trust manager tracing
        pluggability    print pluggability tracing

        handshake debugging can be widened with:
        data            hex dump of each handshake message
        verbose         verbose handshake message printing

        record debugging can be widened with:
        plaintext       hex dump of record plaintext
        packet          print raw SSL/TLS packets
To diagnose failures during the application phase, you must decrypt the SSL session using a utility, such as ssldump. You can enable SSL debug logging on the BIG-IP system, test SSL connections for the virtual server using a web browser or the OpenSSL client, and then review the debug log files.
Command-Line Properties for Enabling SSL Debugging
debug=all property enables debug logging within the JSSE-based SSL implementation. The -Dssl.debug=true and -Dweblogic.StdoutDebugEnabled=true command-line properties enable debug logging of the SSL calling code within WebLogic Server.
About the SSL Debug Trace
The SSL debug trace displays information about the following: Trusted certificate authorities. SSL server configuration information. Server identity (private key and digital certificate)
A Java program can be debugged simply by right clicking on the Java editor class file from Package explorer. Select Debug As → Java Application or use the shortcut Alt + Shift + D, J instead. Either action mentioned above creates a new Debug Launch Configuration and uses it to start the Java application.
The format for using the additional ssl flags is ssl:[flag], for example: -Djavax.net.debug=ssl:record or -Djavax.net.debug=ssl:handshake.
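An added example (not from the original answers): since the sub-flags narrow the trace but do not offer an errors-only mode, one option is to filter the output after the fact. The function name `jsse_errors`, the sample lines and the two line formats are assumptions; the trace format differs between JDK releases, so adjust the patterns to what your JVM prints.

```shell
#!/bin/sh
# Added example: keep only error-level records from javax.net.debug output.
# Assumed formats (they vary by JDK release):
#   newer: javax.net.ssl|LEVEL|id|thread|timestamp|Source.java:NN|message
#          followed by optional continuation lines (stack trace, dumps)
#   older: "main, RECV TLSv1.2 ALERT:  fatal, handshake_failure"
#          "main, handling exception: javax.net.ssl.SSLHandshakeException: ..."
# Typical use (app.jar is a placeholder):
#   java -Djavax.net.debug=ssl:handshake -jar app.jar 2>&1 | jsse_errors
jsse_errors() {
    awk -F'|' '
        # Start of a structured record: keep it only for error-like levels.
        /^javax\.net\.ssl\|/ {
            keep = ($2 == "ERROR" || $2 == "SEVERE" || $2 == "WARNING")
            if (keep) print
            next
        }
        # Continuation line of a record we decided to keep.
        keep { print; next }
        # Older one-line format: fatal alerts and handled exceptions only.
        /ALERT: +fatal/ || /handling exception:/ { print }
    '
}

# Constructed sample trace mixing both assumed formats.
sample_log() {
    cat <<'EOF'
javax.net.ssl|DEBUG|01|main|2024-01-01 10:00:00.000 UTC|ClientHello.java:641|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2"
}
)
javax.net.ssl|ERROR|01|main|2024-01-01 10:00:00.100 UTC|TransportContext.java:352|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
}
)
javax.net.ssl|DEBUG|01|main|2024-01-01 10:00:00.200 UTC|SSLSocketImpl.java:1638|close the underlying socket
main, WRITE: TLSv1.2 Handshake, length = 193
main, RECV TLSv1.2 ALERT:  fatal, handshake_failure
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
main, SEND TLSv1.2 ALERT:  warning, description = close_notify
EOF
}

sample_log | jsse_errors
```

The routine close_notify warning and all DEBUG records are dropped, while the fatal alert and its stack trace stay together.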
I also find using -Djavax.net.debug=ssl (or even its filters) to be too cumbersome for debugging HTTPS issues.
It's a little bit involved, but what I prefer to do is set up mitmproxy on a cheap server somewhere and then configure my Java clients to proxy through it. This way I can comfortably inspect and replay HTTPS request/response flows on the proxy without having to comb through a bunch of logs.
If you are interested, I've written a guide on how to get this going: Debugging SSL in Java using mitmproxy