
Java support for Server Name Indication (SNI) in server role?

Java 7 brings client support for SNI. Are there known open-source implementations of the SNI server role? Java provides "transparent support" for TLS connections (including the handshake), but I need to decouple the handshake process so I can send a certificate back based on the SNI host_name extension.

After failing to find online documentation, I looked in the OpenJDK source code, but there does not seem to be a point where I can monitor the ClientHello message before Java sends the ServerHello message.

I made a quick hack some time ago: https://bitbucket.org/zmarcos/sniserversocket

If you follow the instructions: https://bitbucket.org/zmarcos/sniserversocket/wiki/Home

It will work even on Java EE servers, like Glassfish.

I don't know of a known open-source implementation for Java 7, but server SNI support is coming in Java 8. If you back-port this to Java 7, I'd love to know.

I came across the same problem myself and ended up writing an open source library: TLS Channel. The scope of the library is actually bigger: it is a complete abstraction for SSLEngine (which is seriously hard to use directly), exposing it as a ByteChannel.

Regarding SNI, the library does the parsing of the first bytes before creating the SSLEngine. The user can then supply a function to the server channel, to select SSLContexts depending on the received domain name.
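The approach the last answer describes (read the ClientHello before any SSLEngine exists, then choose an SSLContext by name), as an added example: this is not code from TLS Channel or from any of the posters, and the class and method names are hypothetical. It assumes the whole ClientHello sits in one TLS record that is already buffered.

```java
import java.nio.*;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
public class SniPeek {
    /** SNI host_name from a buffered ClientHello record; empty if absent, truncated or malformed. */
    static Optional<String> sniHostName(ByteBuffer in) {
        ByteBuffer b = in.asReadOnlyBuffer();           // leave the caller's bytes for the SSLEngine
        try {
            if (u8(b) != 22) return Optional.empty();   // record type 22 = handshake
            skip(b, 2);                                 // record version
            narrow(b, u16(b));                          // stay inside this record
            if (u8(b) != 1) return Optional.empty();    // handshake type 1 = client_hello
            skip(b, 3 + 2 + 32);                        // length, client_version, random
            skip(b, u8(b));                             // session_id
            skip(b, u16(b));                            // cipher_suites
            skip(b, u8(b));                             // compression_methods
            narrow(b, u16(b));                          // extensions block
            while (b.remaining() >= 4) {
                int type = u16(b), len = u16(b);
                if (type != 0) { skip(b, len); continue; }  // 0 = server_name
                skip(b, 2);                                 // server_name_list length
                if (u8(b) != 0) return Optional.empty();    // name_type 0 = host_name
                byte[] name = new byte[u16(b)];
                b.get(name);
                return Optional.of(new String(name, StandardCharsets.US_ASCII));
            }
        } catch (BufferUnderflowException | IllegalArgumentException e) { /* short or inconsistent */ }
        return Optional.empty();
    }
    static int u8(ByteBuffer b)  { return b.get() & 0xFF; }
    static int u16(ByteBuffer b) { return b.getShort() & 0xFFFF; }
    static void skip(ByteBuffer b, int n) { b.position(b.position() + n); }
    static void narrow(ByteBuffer b, int n) {           // limit reads to the next n buffered bytes
        if (n > b.remaining()) throw new BufferUnderflowException();
        b.limit(b.position() + n);
    }
    public static void main(String[] args) {
        byte[] host = "a.example".getBytes(StandardCharsets.US_ASCII);  // constructed sample name
        int ext = 9 + host.length, body = 43 + ext;                     // extension and hello body sizes
        ByteBuffer hello = ByteBuffer.allocate(9 + body);               // constructed ClientHello record
        hello.put((byte) 22).putShort((short) 0x0301).putShort((short) (4 + body))  // record header
             .put((byte) 1).put((byte) 0).putShort((short) body);       // handshake header
        hello.putShort((short) 0x0303).put(new byte[32]).put((byte) 0); // version, random, no session_id
        hello.putShort((short) 2).putShort((short) 0x1301).put((byte) 1).put((byte) 0); // suites, compression
        hello.putShort((short) ext).putShort((short) 0).putShort((short) (ext - 4));    // extensions, server_name
        hello.putShort((short) (ext - 6)).put((byte) 0).putShort((short) host.length).put(host);
        hello.flip();
        System.out.println(sniHostName(hello).orElse("<no SNI>"));
    }
}
```

The returned name is unauthenticated client input, so use it only as a lookup key into a fixed map of configured SSLContexts, with a default context for an empty or unknown name.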
