How to enable SSL debugging in Java JVM?

Dealing with SSL issues in Java web application is no fun, especially when you have no debug logs and all you see is an ugly ‘Page Cannot be displayed’ error message in your browser. Thankfully you can easily enable SSL to debug on your Application to start seeing verbose logs that will clearly show what happens during the SSL handshake process. You can enable SSL debugging logs in your Application Server JVM config by adding the following JVM command line parameter and restart the Application Server:

Note that since it is a Java System Property ( used by JSSE – Java Secure Sockets Extension), it will work on any JEE ApplicationServer such as WebSphere, WebLogic, Jboss, Tomcat etc. This is also one of the reasons why every Java developer should know more about various JVM parameters, here is a handy list of most useful JVM options for Java developers.

How to enable SSL debug logging in IBM WebSphere?

Depending on your WAS version, adding the above parameter is typically done by navigating to WAS Admin Console > Servers > Application Servers > YourServer > Process Management > Java Virtual Machine > Generic JVM arguments

How to enable SSL debugging in Java Webpshere JVM?

The verbose logs will usually go to SystemOut.log

Note: If you are unable to update System Property via the java command line above for whatever reason, try OS level network packet monitoring tool first. Now, what exactly are they? If you are running on Unix/Linux, try ‘snoop/tcpdump’. On windows, you are in luck – use Microsoft Network Monitor, a very powerful tool. You can also try Wireshark (ethereal) on Windows.

That's all about how to enable SSL debugging in Java. This is one of the 10 essential JVM options I have suggested for production Java system. You don't appreciate the value of such parameter until you have faced the situation and realized the gravity of problem and how much this tiny, little, and slightly unknown JVM option can help you. This is another reason, why I suggest you to get yourself familiar with different JVM options now and then. Good understanding of JVM internals and JVM options are essential for any experienced Java programmers.

You can improve your knowledge by reading any good book on Java profiling and performance e.g. Java Performance The Definitive Guide By Scott Oaks or most up-to-date Java Performance Companion by Charlie Hunt, which covers Java 8 enhancements and G1 garbage collector as well. Both are great book to make yourself familiar with tools, process and internal of Java virtual machine.

How to enable SSL debugging in Java JVM?

All the best with your learning about Java and JVM options. 

Further Learning
Understanding the Java Virtual Machine: Security
Learn Spring Security by Eugen

No comments :

Post a Comment