Debug Tracing for JSSE

by Todd Sundsted

July 19, 2002 —

Security is typically beneficial. However, adding a security layer to a
protocol also adds to the number of places where problems can occur, and
makes debugging failures more difficult. For these reasons, and because
it's sometimes nice to be able to peek under the covers, JSSE (Java
Secure Sockets Extension) provides debug tracing support.

Debug tracing support is enabled and controlled through the system
property "javax.net.debug", which can be set either programmatically or
via the command line. The property's value controls debug tracing
behavior.

The property value must include the string "ssl" followed by one or more
of the following modifiers:

* record -- enable per-record tracing
* handshake -- print each handshake message
* keygen -- print key generation data
* session -- print session activity
*defaultctx -- print default SSL initialization
* sslctx -- print SSLContext tracing
* sessioncache -- print session cache tracing
* keymanager -- print key manager tracing
* trustmanager -- print trust manager tracing

The "record" modifier can be further modified by:

* plaintext -- print hex dump of record plaintext

The "handshake" modifier can be further modified by one or more of the
following:

* data -- print hex dump of each handshake message
* verbose -- verbose handshake message printing

Values can be separated by a delimiter, such as a comma. The delimiter
is not required, but does enhance readability. The special value "all"
is equivalent to setting all of the above modifiers.

The following example demonstrates how to turn on and use debug tracing
in an application using JSSE:

* java -Djavax.net.debug=all,record,plaintext Main

ITworld