Need more help with logging?

Subscribers click here.

How-To Guides

Issue Tracker

Need more help? Learn about
Oracle Java Support subscriptions

How to Enable Loggers Used in the JDK

Introduction

This document shows how to enable built-in Java logging mechanisms (loggers) used within the JDK. This will help capture and review detailed internal logs—such as HTTP/HTTPS requests and responses handled by classes like HttpURLConnection—enabling effective troubleshooting, diagnosis of failures, and deeper insights into Java application behavior and communication with external systems.

Understanding and resolving issues in Java applications requires insight into the platform’s internal operations and runtime behavior. Logging is a fundamental tool for monitoring, diagnosing, and maintaining Java-based systems. The Java platform provides robust, built-in frameworks that eliminate the need for external dependencies and help developers capture detailed diagnostic information.

Two of the most popular built-in loggers in the JDK are:

Logger NameDescription
sun.net.www.protocol.http.HttpURLConnectionJDK HttpClient/HttpURLConnection (and HttpsURLConnection) Logger
javax.net.sslJSSE TLS/SSL Logger (JDK 9+)

Note: Both loggers are configured using the logging.properties file, whose location depends on your JDK version:

  • JDK 8 and earlier: <java-home>/jre/lib/logging.properties
  • JDK 11 and later: <java-home>/conf/logging.properties

You can also specify a custom properties file using the following JVM argument: -Djava.util.logging.config.file=/path/to/logging.properties

The JDK HttpClient/HttpURLConnection Logger

This logger helps diagnose connectivity issues, track HTTP/HTTPS request/response cycles, and provide visibility into Java network operations. Importantly, both HttpURLConnection and its subclass HttpsURLConnection use the same internal implementation; thus, enabling this logger captures diagnostic events for both HTTP and HTTPS connections.

Logger name: sun.net.www.protocol.http.HttpURLConnection

Example: Capturing HTTP Communication Logs

Suppose you are troubleshooting network issues or need to analyze HTTP traffic handled by Java’s internal HTTP client; you can enable detailed logging for HTTP connections as follows:

Step 1: Create or Edit the Logging Properties File Prepare a logging.properties file to configure the desired logging behavior. By default, this file may be located in your JRE’s lib directory, but you can also specify a custom path using a JVM argument (explained in the next step).

To enable HTTP-level logging, Specify HTTP-level logging in logging.properties:

sun.net.www.protocol.http.HttpURLConnection.level = INFO

Use INFO for less verbosity.

Step 2: Launch the JVM with Your Logging Configuration Run your Java application, specifying the path to your custom logging.properties file:

java -Djava.util.logging.config.file=/path/to/logging.properties YourJavaApplication

Replace /path/to/logging.properties with the full path to your properties file, and YourJavaApplication with your main class or .jar file.

The JSSE TLS/SSL Logger (JDK 9+)

This logger helps debug SSL handshakes, certificate validation, and encryption issues for secure communications. All SSL/TLS diagnostic output is centralized in the logger named javax.net.ssl starting with Java 9. This logger is the single point of configuration for capturing internal SSL/TLS protocol interactions, certificate validation, handshake progress, cipher negotiation, and error states.

Logger name: javax.net.ssl

Control Debugging with javax.net.debug Property

The javax.net.debug system property not only enables SSL/TLS debug messages, it also determines how and where these messages are routed:

ValueLogging RouteCan Route or Filter via Logger?
Not setNo debug logging-
Empty ("")Sent to javax.net.ssl loggerYes (configurable)
Non-empty (“ssl”, etc)Direct to console outputNo (console only)
  • If you specify -Djavax.net.debug (with no value), all SSL/TLS debug messages go through the javax.net.ssl logger and can be managed using your logging configuration.
  • If you specify -Djavax.net.debug=ssl (or any non-empty value), SSL debugging output is printed directly and exclusively to the standard error stream - logging frameworks and configuration are bypassed.

Practical Configuration

logging.properties for capturing SSL/TLS debug messages:

You may direct output to files or other handlers as needed.

handlers = java.util.logging.ConsoleHandler
java.util.logging.ConsoleHandler.level = ALL
javax.net.ssl.level = ALL
javax.net.ssl.useParentHandlers = true

Running with SSL/TLS Logging (direct to standard error stream, not configurable):

All SSL/TLS handshake, certificate, and protocol debug messages are captured per your logging backend’s configuration.

java -Djavax.net.debug -Djava.util.logging.config.file=/path/to/logging.properties YourJavaApplication

Running with SSL/TLS Logging (direct to console, not configurable):

Java’s internal SSL/TLS subsystem produces detailed debug logs and writes them directly to the standard error stream (console).

java -Djavax.net.debug=ssl -jar YourJavaApplication

Notes:

  1. Debug logging can generate extensive output. Ensure adequate disk space, and if logs become unmanageable, lower the logging level from ALL or FINEST to INFO.
  2. SSL/TLS Debugging: Use -Djavax.net.debug=ssl for additional verbose output on SSL/TLS operations.

Last reviewed on 2026-06-10