JDK-8165688 : Debug log enhancement for cipher suite selection
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 9
  • Priority: P4
  • Status: Closed
  • Resolution: Not an Issue
  • OS: generic
  • CPU: generic
  • Submitted: 2016-09-08
  • Updated: 2019-06-21
  • Resolved: 2019-06-21
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Related Reports
Relates :  
TLS configuration is notoriously difficult for our customers to debug/diagnose.  The cipher suite selection log is too simple to debug at present.  For every refused cipher suite, we can log the reason.  There are many "return false" in the cipher suite selection code.  We can add a log about the reason to return false.

The debug logging may be more verbose, but it is a worthy effort as the TLS/DTLS is getting more complicated and harder to debug.
There are a few debug log enhancement in JDK 11.