Debugging Utilities

IBMJSSE2 provides dynamic debug tracing support. This is similar to the support used for debugging access control failures in the Java™ 2 platform. The generic Java dynamic debug tracing support is accessed with the system property java.security.debug, while the JSSE-specific dynamic debug tracing support is accessed with the system property javax.net.debug.
Note: The debug utility is not an officially supported feature of JSSE.
To view the options of the JSSE dynamic debug utility, use the following command-line option on the java command:
-Djavax.net.debug=help
Note: If you specify the value help with either dynamic debug utility when running a program that does not use any classes that the utility was designed to debug, you will not get the debugging options.
Here is a complete example of how to get a list of the debug options:
java -Djavax.net.debug=help MyApp 
where MyApp is an application that uses some of the JSSE classes. MyApp will not run after the debug help information is printed, as the help code causes the application to exit.
Here are the current options:
Table 1.
Option  Description
all     turn on all debugging
true    turn on all debugging
ssl     turn on ssl debugging
The following can be used with ssl:
Table 2.
Option        Description
record        enable per-record tracing
handshake     print each handshake message
keygen        print key generation data
session       print session activity
defaultctx    print default SSL initialization
sslctx        print SSLContext tracing
sessioncache  print session cache tracing
keymanager    print key manager tracing
trustmanager  print trust manager tracing
Handshake debugging can be widened with:
Table 3.
Option   Description
data     hex dump of each handshake message
verbose  verbose handshake message printing
Record debugging can be widened with:
Table 4.
Option     Description
plaintext  hex dump of record plaintext
packet     print raw SSL or TLS packets

The javax.net.debug property value must specify either all, true or ssl, optionally followed by debug specifiers. You can use one or more options. You do not have to have a separator between options, although a separator such as a colon (:) or comma (,) helps readability. It doesn't matter what separators you use, and the ordering of the option keywords is also not important.

Examples

  • To view all debugging messages:
    java -Djavax.net.debug=all MyApp
  • To view the hexadecimal dumps of each handshake message, you can type the following command, where the colons are optional:
    java -Djavax.net.debug=ssl:handshake:data MyApp
  • To view the hexadecimal dumps of each handshake message, and to print trust manager tracing, you can type the following, where the commas are optional:
    java -Djavax.net.debug=SSL,handshake,data,trustmanager MyApp
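
A lint for javax.net.debug values, built from the option tables and the syntax rules above; it is an added example, not IBM's code. The function name check_jsse_debug, the verdict strings, and the choice to flag all, true, keygen and plaintext as writing sensitive data into the trace are assumptions of this example.

```shell
# Added example (hypothetical helper): lint a javax.net.debug value against the tables above.

check_jsse_debug() {
    # The page's own examples mix case (SSL,handshake), so compare in lowercase.
    value=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    if [ "$value" = help ]; then
        echo "help: prints the option list and exits without running the application"
        return 0
    fi
    rest=$value
    found=""
    # Separators are optional, so match keywords as substrings, longest first:
    # "sessioncache" must not be consumed as "session", nor "sslctx" as "ssl".
    for kw in sessioncache trustmanager keymanager defaultctx handshake plaintext \
              sslctx session verbose record keygen packet data true all ssl; do
        case $rest in
            *"$kw"*)
                found="$found $kw"
                rest=$(printf '%s' "$rest" | sed "s/$kw/:/g")
                ;;
        esac
    done
    # Any letters left once the known keywords are removed are not options from the tables.
    unknown=$(printf '%s' "$rest" | tr -c 'a-z' ' ' | tr -s ' ' | sed 's/^ //; s/ $//')
    if [ -n "$unknown" ]; then
        echo "invalid: unknown option(s): $unknown"
        return 1
    fi
    case " $found " in
        *" all "*|*" true "*|*" ssl "*) ;;
        *) echo "invalid: value must include all, true or ssl"; return 1 ;;
    esac
    # Assumption of this example: all/true enable every option; keygen and plaintext
    # write key generation data and record plaintext into the trace output.
    risky=""
    for kw in all true keygen plaintext; do
        case " $found " in *" $kw "*) risky="$risky $kw" ;; esac
    done
    if [ -n "$risky" ]; then
        echo "sensitive:$risky"
        return 2
    fi
    echo "ok"
}

# Sample values: the first, third and fourth are the page's examples, the others are constructed.
for v in all handshake:data ssl:handshake:data SSL,handshake,data,trustmanager sslkeygenplaintext; do
    printf '%-34s %s\n' "$v" "$(check_jsse_debug "$v")"
done
```

The return status (0 ok, 1 invalid, 2 sensitive) lets a deployment check reject JVM arguments that would leave key or plaintext tracing enabled.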