§Debugging SSL Connections

In the event that an HTTPS connection does not go through, debugging JSSE can be a hassle.

WS SSL provides configuration options that will turn on JSSE debug options defined in the Debugging Utilities and Troubleshooting Security pages.

To configure, set the ws.ssl.debug property in application.conf:

ws.ssl.debug = [
 "certpath", "ocsp",

 # "all "  # defines all of the below
 "ssl",
 "defaultctx",
 "handshake",
   "verbose",
   "data",
 "keygen",
 "keymanager",
 "pluggability",
 "record",
   "packet",
   "plaintext",
 "session",
 "sessioncache",
 "sslctx",
 "trustmanager"
]

NOTE: This feature changes the setting of the java.net.debug system property which is global on the JVM. In addition, this feature changes static properties at runtime, and is only intended for use in development environments.

§Verbose Debugging

To see the behavior of WS, you can configuring the SLF4J logger for debug output:

logger.play.api.libs.ws.ssl=DEBUG

§Dynamic Debugging

If you are working with WSClient instances created dynamically, you can use the SSLDebugConfig class to set up debugging using a builder pattern:

val debugConfig = SSLDebugConfig().withKeyManager.withHandshake(data = true, verbose = true)

§Further reading

Oracle has a number of sections on debugging JSSE issues:

• Debugging SSL/TLS connections
• JSSE Debug Logging With Timestamp
• How to Analyze Java SSL Errors

Next: Loose Options