JDK-8133816 : Display extra SSLServerSocket info in debug mode
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 9
  • Priority: P4
  • Status: In Progress
  • Resolution: Unresolved
  • OS: generic
  • CPU: generic
  • Submitted: 2015-08-18
  • Updated: 2022-08-17
Related Reports
Relates :  
JDK-8133741 - Unable to setup ECDHE_ECDSA cipher suites
Description
Currently the JDK prints client enabled ciphersuites in debug mode when a ClientHello message is encountered. We don't have anything similar for server side debugging. At times we run into "no ciphersuites in common" errors. It would be useful in such cases to see a list of Ciphersuites used by server socket.
Comments
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/9731 Date: 2022-08-03 15:40:54 +0000
17-08-2022
we also need to improve the trySetCipherSuite and setupPrivateKeyAndChain methods and their debug messages used during Server handshake. Worked a recent cause where alot of confusion was seen in this area. A "no ciphersuites in common" exception was thrown. Root cause appears to be that RSA signed EC-key certs cannot be used for ECDHE_ECDSA cipher suites. Nothing in debug output suggested that to be an issue. I'll ensure we get better messaging in the JDK. JDK-8136442 was also logged to ensure that JDK is more compliant with TLSv1.2
07-10-2015