[英]Java TLS: Disable SNI on client handshake
I'm trying to create a JVM HTTP client which will not send server_name
in the Client Handshake (long story, but I'm simulating a legacy system which doesn't support SNI).我正在尝试创建一个 JVM HTTP 客户端,它不会在客户端握手中发送
server_name
(长话短说,但我正在模拟一个不支持 SNI 的遗留系统)。
Setting the serverNames
SSLParameters
doesn't do the trick, I can still see the "Server Name Indication extension" in Wireshark.设置
serverNames
SSLParameters
不起作用,我仍然可以在 Wireshark 中看到“服务器名称指示扩展”。
fun run() {
val keyStore = keyStore()
val trustFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
trustFactory.init(keyStore)
val sslContext = SSLContext.getInstance("SSL")
sslContext.init(null, trustFactory.trustManagers, null)
val httpClient = HttpClient.newBuilder()
.sslContext(sslContext)
.sslParameters(sslContext.defaultSSLParameters.apply {
serverNames = null
})
.build()
val request = HttpRequest.newBuilder()
.uri(URI.create("https://example.com/hello"))
.GET()
.build()
httpClient.send(request, HttpResponse.BodyHandlers.ofString())
}
Full code inthis gist. 本要点中的完整代码。
How can I stop the client from sending the SNI extension?如何阻止客户端发送 SNI 扩展?
如果您不介意应用于整个 JVM 的设置,请尝试
jsse.enableSNIExtension=false
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.