Enable SSL debugging

Enable SSL debugging

Sudha Duraiswamy
Hi,

I am using BouncyCastleFipsProvider() and JSSE in FIPS mode using

provider = new BouncyCastleFipsProvider("C:DEFRND[SHA256];HYBRID;ENABLE{ALL};");
bcJsseProvider = new BouncyCastleJsseProvider("fips:BCFIPS");

I am also using client authentication with SSL and when I start the application with "-Djavax.net.debug=all" arg, it doesn't seem to produce the SSL traffic.

How else can I enable SSL debugging?

Thanks,
Sudha

Re: Enable SSL debugging

David Hook-3

The BCJSSE supports the use of Java logging. You can find some details
on that in the user guide for the API (which is available off the FIPS
Java download page).

Regards,

David
On 12/12/20 9:43 am, Sudha Duraiswamy wrote:

> Hi,
>
> I am using BouncyCastleFipsProvider() and JSSE in FIPS mode using
>
> provider = new
> BouncyCastleFipsProvider("C:DEFRND[SHA256];HYBRID;ENABLE{ALL};");
> bcJsseProvider = new BouncyCastleJsseProvider("fips:BCFIPS");
>
> I am also using client authentication with SSL and when I start the
> application with "-Djavax.net.debug=all" arg, it doesn't seem to
> produce the SSL traffic.
>
> How else can I enable SSL debugging?
>
> Thanks,
> Sudha
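
The reply above points to Java logging for BCJSSE. The following is an added example, not code from this thread or from the Bouncy Castle user guide, showing how to raise `java.util.logging` output for the provider from application code. The logger namespace `org.bouncycastle.jsse.provider` and the class name `BcJsseLogging` are assumptions; check the logger names against the user guide for your version.

```java
import java.util.logging.ConsoleHandler;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;

public final class BcJsseLogging {
    // Assumption: BCJSSE names its java.util.logging loggers after its own
    // classes, which live in this package. Confirm for your version.
    static final String BCJSSE_LOGGER = "org.bouncycastle.jsse.provider";

    // Strong reference: LogManager holds loggers weakly, so a configured
    // logger that nothing else references can be collected and reset.
    private static Logger bcJsseLogger;

    public static synchronized Logger enable(Level level) {
        Logger logger = Logger.getLogger(BCJSSE_LOGGER);
        logger.setLevel(level);

        // The default ConsoleHandler on the root logger stops at INFO, so
        // FINE/FINER records need a handler that accepts the same level.
        boolean attached = false;
        for (Handler h : logger.getHandlers()) {
            if (h instanceof ConsoleHandler) { h.setLevel(level); attached = true; }
        }
        if (!attached) {
            ConsoleHandler handler = new ConsoleHandler();
            handler.setLevel(level);
            handler.setFormatter(new SimpleFormatter());
            logger.addHandler(handler);
        }
        // Avoid printing INFO-and-above records twice via the root handler.
        logger.setUseParentHandlers(false);
        bcJsseLogger = logger;
        return logger;
    }

    public static void main(String[] args) {
        // Call enable() before the first SSLContext or SSLSocket is created.
        Logger logger = enable(Level.ALL);
        // Constructed record to show the handler passes FINE output.
        logger.fine("BCJSSE logging enabled at " + logger.getLevel());
    }
}
```

The same levels can be set without code changes through a `logging.properties` file passed with `-Djava.util.logging.config.file=...`.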




Re: Enable SSL debugging

Sudha Duraiswamy
Thanks David! I looked in the user guide and on the internet but didn't find anything related to enabling SSL/TLS handshake when using BCJSSE.

When using Sun JSSE, I am able to see the messages in the SSL/TLS handshake. So, only BCJSSE doesn't seem to log the handshake messages when "-Djavax.net.debug=all" is used.

Regards,
Sudha

On Sun, Dec 20, 2020 at 12:20 PM David Hook <[hidden email]> wrote:

> The BCJSSE supports the use of Java logging. You can find some details
> on that in the user guide for the API (which is available off the FIPS
> Java download page).
>
> Regards,
>
> David
> On 12/12/20 9:43 am, Sudha Duraiswamy wrote:
> > Hi,
> >
> > I am using BouncyCastleFipsProvider() and JSSE in FIPS mode using
> >
> > provider = new
> > BouncyCastleFipsProvider("C:DEFRND[SHA256];HYBRID;ENABLE{ALL};");
> > bcJsseProvider = new BouncyCastleJsseProvider("fips:BCFIPS");
> >
> > I am also using client authentication with SSL and when I start the
> > application with "-Djavax.net.debug=all" arg, it doesn't seem to
> > produce the SSL traffic.
> >
> > How else can I enable SSL debugging?
> >
> > Thanks,
> > Sudha