Debugging Utilities
IBMJSSE2 provides dynamic debug tracing support. This is similar
to the support used for debugging access control failures in the Java™ 2 platform. The generic Java dynamic debug tracing support
is accessed with the system property
java.security.debug
,
while the JSSE-specific dynamic debug tracing support is accessed
with the system property javax.net.debug
. Note: The
debug utility is not an officially supported feature of JSSE.
To view the options of the JSSE dynamic debug utility, use the following command-line option on
the
java
command: -Djavax.net.debug=help
Note: If you specify the value
help
with either dynamic
debug utility when running a program that does not use any classes
that the utility was designed to debug, you will not get the debugging
options.Here is a complete example of how to get a list of the debug options:
java -Djavax.net.debug=help MyApp
where MyApp is
an application that uses some of the JSSE classes. MyApp will
not run after the debug help information is printed, as the help code
causes the application to exit.Here are the current options:
Option | Description |
---|---|
all | turn on all debugging |
true | turn on all debugging |
ssl | turn on ssl debugging |
The following can be used with ssl:
Option | Description |
---|---|
record | enable per-record tracing |
handshake | print each handshake message |
keygen | print key generation data |
session | print session activity |
defaultctx | print default SSL initialization |
sslctx | print SSLContext tracing |
sessioncache | print session cache tracing |
keymanager | print key manager tracing |
trustmanager | print trust manager tracing |
Handshake debugging can be widened with:
Option | Description |
---|---|
data | hex dump of each handshake message |
verbose | verbose handshake message printing |
Record debugging can be widened with:
Option | Description |
---|---|
plaintext | hex dump of record plaintext |
packet | print raw SSL or TLS packets |
The javax.net.debug
property value must specify either all
,
true
or ssl
, optionally followed by debug specifiers. You can use
one or more options. You do not have to have a separator between options, although a
separator such as a colon (:) or comma (,) helps readability. It doesn't matter what separators you
use, and the ordering of the option keywords is also not important.
Examples
- To view all debugging messages:
java -Djavax.net.debug=all MyApp
- To view the hexadecimal dumps of each handshake message, you can type the following command,
where the colons are optional:
java -Djavax.net.debug=ssl:handshake:data MyApp
- To view the hexadecimal dumps of each handshake message, and to print trust manager tracing, you
can type the following, where the commas are optional:
java -Djavax.net.debug=SSL,handshake,data,trustmanager MyApp