The Oracle documentation seems to indicate that Java 8 sends SNI automatically and by default. Wireshark indicates otherwise. I'm a PowerShell system administrator, not a Java developer, so I almost certainly miss something.
When used with the proper trust store, the following code returns 200 from all SSL sites that do not require SNI. It also recovers well when connecting to the default SSL website of an Apache server with multiple hosts. However, when asked to connect to a site other than the default, it is not suitable for a certificate name that does not match the site name, since it connects to the site by default.
import java.util.*; import java.net.*; import javax.net.ssl.*; import java.io.*; public class testJavaHttpConn { public static void main(String[] args) throws Exception { String strUrl = args[0]; System.out.println("Trying to connect to " + strUrl); try { URL url = new URL(strUrl); HttpsURLConnection urlConn = (HttpsURLConnection) url.openConnection(); System.out.println("Connecting"); urlConn.connect(); System.out.println("Done"); System.out.println("Response " + urlConn.getResponseCode()); } catch (IOException e) { System.err.println("Error creating HTTP connection"); e.printStackTrace(); throw e; } } }
I did not install System.setProperty ("jsse.enableSNIExtension", "false"); and when I set -Djavax.net.debug = ssl, it clearly shows that the server name extension is not installed.
I know that I can implement SSLSocket and set the SSLParameter server name if I am ready to dive into the next deeper layer of abstraction, but I would like to avoid it.
Edit: The code works as described above for Flo in the comments. This does not work for me from 1.8.0_72 on Linux 2.6.18-194.11.3.el5 and from 1.8.0_51 on Windows 7. Installing Windows is vanilla, and installing Linux updated the urandom value for securerandom.source =: / dev / ./urandom. I'm not sure how I can determine what is different from Flo regarding my installations.
source share