Can anyone help me get started on carrying out HTTP connections with server name indication in Java?
I'm trying to request content from a site I'm adminstering. I've been using Apache's HttpClient library, but my request for secure content fails because the website only uses SNI for HTTPS, and SNI isn't enabled in the DefaultHttpClient. I've looked for instruction on how to approach this within Apache's HttpClient library, but I see end up with this document: http://hc.apache.org/httpclient-3.x/sslguide.html, which is out of date (referring to code back when HttpClient and HttpCore were part of Apache's commons package).
So... any help?
The SNI extension is a feature that extends the SSL/TLS protocols to indicate what server name the client is attempting to connect to during handshaking. Servers can use server name indication information to decide whether specific SSLSocket or SSLEngine instances should accept a connection.
So, in practice the easiest test is to simply try connecting. For this you need to know two names that resolve to the same IP, to which an ssl connection can be made. https is easiest as you can then simply browse to both names and see if you're presented with the correct certificate.
For example, SNI helps the browser creating a secure connection with a website like https://www.itsanexample.com/. Even if it's hosted on the same IP address where other websites are hosted like https://itsadifferentexample.com/, https://onemore-example.com/.
you might want to track https://issues.apache.org/jira/browse/HTTPCLIENT-1119
the underlying client implementation of Java 7 is capable to support it and exposes the feature via SSLSocketImpl#setHost (called by sun.net.www.protocol.https.HttpsClient
on Java 7 use
new URL("https://cmbntr.sni.velox.ch/").openStream()
until HTTPCLIENT-1119 is fixed
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With