I'd found this feature not in third-party libs, sniffer applications, firewalls, etc. The miracle was that
Java Secure Socket Extension (JSSE) provides dynamic debug tracing support.
The JVM parameter -Djavax.net.debug with these options is a magic wand:
all turn on all debugging
ssl turn on ssl debugging
The following can be used with ssl:
record enable per-record tracing
handshake print each handshake message
keygen print key generation data
session print session activity
defaultctx print default SSL initialization
sslctx print SSLContext tracing
sessioncache print session cache tracing
keymanager print key manager tracing
trustmanager print trust manager tracing
handshake debugging can be widened with:
data hex dump of each handshake message
verbose verbose handshake message printing
record debugging can be widened with:
plaintext hex dump of record plaintext
packet print raw SSL/TLS packets
Run this and you'll see everything:
java -Djavax.net.debug=all MyApp
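An added example, not from the original post or from JSSE: a shell check that reads JVM launch lines and reports whether the requested javax.net.debug options include the ones the list above describes as printing key generation data, handshake hex dumps, record plaintext or raw packets. The function names, the sample launch lines and the handling of ':' and ',' as separators are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit JVM launch lines for
# javax.net.debug values that would write key or payload bytes to the log.

# Print the javax.net.debug value found in a command line; return 1 if absent.
jsse_debug_value() (
  set -f                                   # no glob expansion while splitting
  for word in $1; do
    case "$word" in
      -Djavax.net.debug=*) printf '%s\n' "${word#-Djavax.net.debug=}"; return 0 ;;
    esac
  done
  return 1
)

# Classify an option string using the option names listed in the post.
# Assumption: options are separated by ':' or ','; matching ignores case.
classify_jsse_debug() (
  set -f
  for opt in $(printf '%s' "$1" | tr 'A-Z:,' 'a-z  '); do
    case "$opt" in
      # all = everything; keygen = key generation data;
      # data / plaintext / packet = hex dumps of messages and records
      all|keygen|data|plaintext|packet) echo sensitive; return 0 ;;
    esac
  done
  echo trace                               # tracing requested, no dump option named
)

# Verdict for one launch line: off, trace, or sensitive.
audit_java_cmdline() {
  value=$(jsse_debug_value "$1") || { echo off; return 0; }
  classify_jsse_debug "$value"
}

# Constructed sample launch lines (the first is the command from the post).
while IFS= read -r line; do
  printf '%-10s %s\n' "$(audit_java_cmdline "$line")" "$line"
done <<'EOF'
java -Djavax.net.debug=all MyApp
java -Djavax.net.debug=ssl:handshake:verbose MyApp
java -Djavax.net.debug=ssl,record,plaintext MyApp
java -Xmx512m MyApp
EOF
```

The check only looks at option names that appear in the string; it does not model which sub-options a bare ssl implies.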
All the stuff for this post has been frankly stolen from here. And real nerds would be interested in detailed SSL/TLS debugging.
P.S.
The SSL debug utility is not an officially supported feature of JSSE.