--- old/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java Tue Apr 5 18:37:14 2016 +++ new/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java Tue Apr 5 18:37:14 2016 @@ -1199,7 +1199,7 @@ preferableSignatureAlgorithm)) { throw new SSLHandshakeException( "Unsupported SignatureAndHashAlgorithm in " + - "ServerKeyExchange message"); + "ServerKeyExchange message: " + preferableSignatureAlgorithm); } } else { this.preferableSignatureAlgorithm = null; @@ -1232,7 +1232,7 @@ sig = RSASignature.getInstance(); break; default: - throw new SSLKeyException("neither an RSA or a DSA key"); + throw new SSLKeyException("neither an RSA or a DSA key: " + algorithm); } } @@ -1482,7 +1482,7 @@ preferableSignatureAlgorithm)) { throw new SSLHandshakeException( "Unsupported SignatureAndHashAlgorithm in " + - "ServerKeyExchange message"); + "ServerKeyExchange message: " + preferableSignatureAlgorithm); } } @@ -1522,7 +1522,8 @@ case "RSA": return RSASignature.getInstance(); default: - throw new NoSuchAlgorithmException("neither an RSA or a EC key"); + throw new NoSuchAlgorithmException( + "neither an RSA or a EC key : " + keyAlgorithm); } } @@ -1729,7 +1730,7 @@ algorithmsLen = input.getInt16(); if (algorithmsLen < 2) { throw new SSLProtocolException( - "Invalid supported_signature_algorithms field"); + "Invalid supported_signature_algorithms field: " + algorithmsLen); } algorithms = new ArrayList(); @@ -1748,7 +1749,7 @@ if (remains != 0) { throw new SSLProtocolException( - "Invalid supported_signature_algorithms field"); + "Invalid supported_signature_algorithms field. remains: " + remains); } } else { algorithms = new ArrayList(); @@ -1765,7 +1766,7 @@ } if (len != 0) { - throw new SSLProtocolException("Bad CertificateRequest DN length"); + throw new SSLProtocolException("Bad CertificateRequest DN length: " + len); } authorities = v.toArray(new DistinguishedName[v.size()]); @@ -1996,7 +1997,7 @@ preferableSignatureAlgorithm)) { throw new SSLHandshakeException( "Unsupported SignatureAndHashAlgorithm in " + - "CertificateVerify message"); + "CertificateVerify message: " + preferableSignatureAlgorithm); } } @@ -2364,7 +2365,8 @@ SecretKey prfKey = kg.generateKey(); if ("RAW".equals(prfKey.getFormat()) == false) { throw new ProviderException( - "Invalid PRF output, format must be RAW"); + "Invalid PRF output, format must be RAW. Format received:" + + prfKey.getFormat()); } byte[] finished = prfKey.getEncoded(); return finished; --- old/src/java.base/share/classes/sun/security/ssl/RSAClientKeyExchange.java Tue Apr 5 18:37:16 2016 +++ new/src/java.base/share/classes/sun/security/ssl/RSAClientKeyExchange.java Tue Apr 5 18:37:15 2016 @@ -68,7 +68,8 @@ ProtocolVersion maxVersion, SecureRandom generator, PublicKey publicKey) throws IOException { if (publicKey.getAlgorithm().equals("RSA") == false) { - throw new SSLKeyException("Public key not of type RSA"); + throw new SSLKeyException("Public key not of type RSA: " + + publicKey.getAlgorithm()); } this.protocolVersion = protocolVersion; @@ -100,7 +101,8 @@ int messageSize, PrivateKey privateKey) throws IOException { if (privateKey.getAlgorithm().equals("RSA") == false) { - throw new SSLKeyException("Private key not of type RSA"); + throw new SSLKeyException("Private key not of type RSA: " + + privateKey.getAlgorithm()); } if (currentVersion.useTLS10PlusSpec()) { @@ -161,8 +163,8 @@ } } catch (InvalidKeyException ibk) { // the message is too big to process with RSA - throw new SSLProtocolException( - "Unable to process PreMasterSecret, may be too big"); + throw new SSLException( + "Unable to process PreMasterSecret", ibk); } catch (Exception e) { // unlikely to happen, otherwise, must be a provider exception if (debug != null && Debug.isOn("handshake")) {