 

Server Name Indication (SNI) on Java

Tags: java, http, ssl, sni

Can anyone help me get started on carrying out HTTP connections with server name indication in Java?

I'm trying to request content from a site I'm administering. I've been using Apache's HttpClient library, but my request for secure content fails because the website only uses SNI for HTTPS, and SNI isn't enabled in the DefaultHttpClient. I've looked for instruction on how to approach this within Apache's HttpClient library, but I end up with this document: http://hc.apache.org/httpclient-3.x/sslguide.html, which is out of date (referring to code back when HttpClient and HttpCore were part of Apache's commons package).

So... any help?

JellicleCat asked Sep 11 '12 00:09


People also ask

What is SNI in Java?

The SNI extension is a feature that extends the SSL/TLS protocols to indicate what server name the client is attempting to connect to during handshaking. Servers can use server name indication information to decide whether specific SSLSocket or SSLEngine instances should accept a connection.

How do I know if SNI is working?

So, in practice the easiest test is to simply try connecting. For this you need to know two names that resolve to the same IP, to which an SSL connection can be made. HTTPS is easiest, as you can then simply browse to both names and see if you're presented with the correct certificate.

What is SNI example?

For example, SNI helps the browser create a secure connection with a website like https://www.itsanexample.com/, even if it's hosted on the same IP address as other websites such as https://itsadifferentexample.com/ and https://onemore-example.com/.


1 Answer

You might want to track https://issues.apache.org/jira/browse/HTTPCLIENT-1119

The underlying client implementation of Java 7 is capable of supporting it and exposes the feature via SSLSocketImpl#setHost (called by sun.net.www.protocol.https.HttpsClient).

On Java 7, use

    new URL("https://cmbntr.sni.velox.ch/").openStream()

until HTTPCLIENT-1119 is fixed.

cmbntr answered Sep 25 '22 13:09