限制 java ssl 调试日志记录
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/23659564/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
limiting java ssl debug logging
提问by Steve Renyolds
Using JVM flag
使用 JVM 标志
-Djavax.net.debug=ssl
is producing a tremendous ammount of logging, the details for every SSL event on the server. Is there anyway to only have it log errors? or possibly there is some better subset of these flags that produce tidier output
正在产生大量的日志记录,服务器上每个 SSL 事件的详细信息。无论如何只能让它记录错误吗?或者可能有一些更好的这些标志的子集可以产生更整洁的输出
all turn on all debugging
ssl turn on ssl debugging
The following can be used with ssl:
record enable per-record tracing
handshake print each handshake message
keygen print key generation data
session print session activity
defaultctx print default SSL initialization
sslctx print SSLContext tracing
sessioncache print session cache tracing
keymanager print key manager tracing
trustmanager print trust manager tracing
pluggability print pluggability tracing
handshake debugging can be widened with:
data hex dump of each handshake message
verbose verbose handshake message printing
record debugging can be widened with:
plaintext hex dump of record plaintext
packet print raw SSL/TLS packets
回答by Alan MacK
The format for using the additional sslflags is ssl:[flag]for example:
例如,使用附加ssl标志的格式是ssl:[flag]:
-Djavax.net.debug=ssl:recordor -Djavax.net.debug=ssl:handshake.
-Djavax.net.debug=ssl:record或-Djavax.net.debug=ssl:handshake。
回答by capotej
I also find that using -Djavax.net.debug=ssl(or even its filters) to be too cumbersome for debugging HTTPS issues.
我还发现使用-Djavax.net.debug=ssl(甚至它的过滤器)对于调试 HTTPS 问题来说太麻烦了。
It's a little bit involved, but what I prefer to do is setup mitmproxyon a cheap server somewhere and then configure my Java clients to proxy through it. This way I can comfortably inspect and replay HTTPS request/response flows on the proxy without having to comb through a bunch of logs.
这有点复杂,但我更喜欢做的是在某个便宜的服务器上设置mitmproxy,然后配置我的 Java 客户端以通过它进行代理。通过这种方式,我可以轻松地检查和重放代理上的 HTTPS 请求/响应流,而无需梳理一堆日志。
If you are you interested, I've written a guide on how to get this going: Debugging SSL in Java using mitmproxy
如果您有兴趣,我已经编写了有关如何实现这一目标的指南:使用 mitmproxy 在 Java 中调试 SSL
