堆栈内存溢出
  简体   繁体   English

Java TLS:在客户端握手时禁用 SNI

[英]Java TLS: Disable SNI on client handshake

 原文  2020-09-23 10:01:56       java/ kotlin/ ssl

问题描述

I'm trying to create a JVM HTTP client which will not send server_name in the Client Handshake (long story, but I'm simulating a legacy system which doesn't support SNI).我正在尝试创建一个 JVM HTTP 客户端,它不会在客户端握手中发送server_name (长话短说,但我正在模拟一个不支持 SNI 的遗留系统)。

Setting the serverNames SSLParameters doesn't do the trick, I can still see the "Server Name Indication extension" in Wireshark.设置serverNames SSLParameters不起作用,我仍然可以在 Wireshark 中看到“服务器名称指示扩展”。

fun run() {
    val keyStore = keyStore()
    val trustFactory =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    trustFactory.init(keyStore)
    val sslContext = SSLContext.getInstance("SSL")
    sslContext.init(null, trustFactory.trustManagers, null)

    val httpClient = HttpClient.newBuilder()
        .sslContext(sslContext)
        .sslParameters(sslContext.defaultSSLParameters.apply {
            serverNames = null
        })
        .build()

    val request = HttpRequest.newBuilder()
        .uri(URI.create("https://example.com/hello"))
        .GET()
        .build()

    httpClient.send(request, HttpResponse.BodyHandlers.ofString())
}

Full code inthis gist. 本要点中的完整代码

How can I stop the client from sending the SNI extension?如何阻止客户端发送 SNI 扩展?

1 个解决方案

解决方案1
 1 已采纳  2020-09-23 12:33:25

如果您不介意应用于整个 JVM 的设置,请尝试

jsse.enableSNIExtension=false

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在新的Java 9客户端中启用TLS SNI - Enable TLS SNI in new Java 9 client Java客户端中具有SNI的TLS - TLS with SNI in Java clients SSL/TLS 连接重置 - 如何强制 Java 客户端使用 SNI? - SSL/TLS Connection reset - how to force Java client to use SNI? 如何在我的Java Webservice客户端请求中使用SSL / TLS握手 - How to use SSL/TLS handshake in my Java Webservice Client Request SNI Java 1.8和Jboss SSL握手 - SNI Java 1.8 and Jboss SSL Handshake 带有客户端证书的 TLS 握手失败 - TLS with client certificate failing handshake “ Java 1.7 TLS 1.2服务器”和“ Java 1.6客户端”之间的SSL / TLS握手 - The SSL / TLS handshake between a “Java 1.7 TLS 1.2 server” and a “Java 1.6 client” SSL + Java 8 + OpenJDK + SNI + HTTPClient =握手失败 - SSL+ Java 8 + OpenJDK + SNI + HTTPClient = Handshake Failure Java客户端上的SSL握手 - SSL HandShake on Java Client Java 1.6 TLS 1.2 handshake_failure - Java 1.6 TLS 1.2 handshake_failure
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM