How do I reduce the amount of debugging messages from javax.net.debug=ssl?

Question

When I don't use debugging I get a

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

As to why I enabled

javax.net.debug=ssl:handshake

to figure out what is going wrong.

However, while that is enabled, instead I get

Caused by: java.net.SocketException: Connection reset by peer: socket write error

Every time... I figured it's most likely due to the sheer amount of time it takes to write the debugging log... So, how do I reduce the amount so I can get to debugging the handshake_failure?

Answer 1

Your flag is most likely right. I typically use either -Djavax.net.debug=all or -Djavax.net.debug=ssl:handshake:verbose

You'll still get the socket closure, but the root cause is most likely something else. See https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https

Complete details on debugging SSL/TLS are available in the JSSE Reference Guide Debugging section.

Consider applying the Java Cryptography Extension (JCE) Unlimited Strengh jurisdiction policy files for your Java version in case the handshake specifies stronger versions of the algorithms.

Answer 2

Have you tried using only javax.net.debug=ssl? It could be enough to understand what is going on, other than this, it's weird, i don't remember the handshake option adding all those additional messages.