limiting java ssl debug logging

The format for using the additional ssl flags is ssl:[flag] for example:

-Djavax.net.debug=ssl:record or -Djavax.net.debug=ssl:handshake.


I also find that using -Djavax.net.debug=ssl (or even its filters) to be too cumbersome for debugging HTTPS issues.

It's a little bit involved, but what I prefer to do is setup mitmproxy on a cheap server somewhere and then configure my Java clients to proxy through it. This way I can comfortably inspect and replay HTTPS request/response flows on the proxy without having to comb through a bunch of logs.

If you are you interested, I've written a guide on how to get this going: Debugging SSL in Java using mitmproxy