https://github.com/marschall/jfr-handshake
TLS debuggin with JFR
https://github.com/marschall/jfr-handshake
Last synced: 3 months ago
JSON representation
TLS debuggin with JFR
- Host: GitHub
- URL: https://github.com/marschall/jfr-handshake
- Owner: marschall
- Created: 2019-12-04T08:03:40.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2019-12-04T15:58:52.000Z (over 5 years ago)
- Last Synced: 2025-01-16T02:45:06.907Z (4 months ago)
- Language: Java
- Size: 150 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
TLS Debugging with JFR
======================
Sometimes when debugging SSL/TLS connection issues in Java [JSSE debug logging](https://docs.oracle.com/en/java/javase/11/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-31B7E142-B874-46E9-8DD0-4E18EC0EB2CF) may not be available because it requires a JVM restart and a change to JVM arguments. In such cases [Java Flight Recorder (JFR) Security Events](https://bugs.openjdk.java.net/browse/JDK-8148188) may be used. JFR Security Events are Java available in Java 12+, 11.0.5+ and 8u231+. To generate JFR events you need a configuration file like this one:
```xml
true
true
true
true
true
true
true
true
```
Analysis may not be very comfortable as the information available is limited.
So it may pay to create a page with all certificates, this way you can search by certificate id.
Extensions like [SAN](https://en.wikipedia.org/wiki/Subject_Alternative_Name) are not available so you may to to inspect the certificate with a different tool.
Demo code can be found under [jfr-handshake](https://github.com/marschall/jfr-handshake).