[英]Extended server_name (SNI Extension) not sent with JAVA 8
有人知道为什么我在java 8中使用此代码时没有服务器扩展名:
try {
URL url = new URL(urlString);
URLConnection conn = url.openConnection();
conn.setDoOutput(true);
OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
wr.write(requestString);
wr.flush();
// Get the response
BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
String line;
String response = "";
while ((line = rd.readLine()) != null) {
response += line;
}
wr.close();
rd.close();
return response;
} catch (IOException ex) {
System.err.println(ex); return ex.toString();
}
在JAVA 7中,一切正常。 但不是JAVA 8。
当我激活ssl调试时,我观察到SNI没有在handshak中发送:
*** ClientHello, TLSv1
2017-02-20 19:28:18,002 INFO [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] RandomCookie: GMT: 1470841681 bytes = { 25, 147, 132, 94, 6, 112, 89, 50, 116, 255, 80, 95, 125, 122, 43, 167, 180, 116, 63, 225, 37, 223, 247, 196, 90, 33, 242, 8 }
2017-02-20 19:28:18,003 INFO [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] Session ID: {}
2017-02-20 19:28:18,003 INFO [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
2017-02-20 19:28:18,004 INFO [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] Compression Methods: { 0 }
2017-02-20 19:28:18,005 INFO [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
2017-02-20 19:28:18,005 INFO [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] Extension ec_point_formats, formats: [uncompressed]
2017-02-20 19:28:18,008 INFO [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] ***
2017-02-20 19:28:18,009 INFO [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] default task-11, WRITE: TLSv1 Handshake, length = 137
2017-02-20 19:28:18,027 INFO [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] default task-11, handling exception: java.net.SocketException: Connection reset
2017-02-20 19:28:18,027 INFO [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] default task-11, SEND TLSv1.2 ALERT: fatal, description = unexpected_message
2017-02-20 19:28:18,028 INFO [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] default task-11, WRITE: TLSv1.2 Alert, length = 2
2017-02-20 19:28:18,030 INFO [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] default task-11, Exception sending alert: java.net.SocketException: Broken pipe
2017-02-20 19:28:18,031 INFO [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] default task-11, called closeSocket()
2017-02-20 19:28:18,032 INFO [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] default task-11, called close()
2017-02-20 19:28:18,033 INFO [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] default task-11, called closeInternal(true)
注意,我不使用setHostnameVerifier(..),我使用wildfly 10。
SunJSSE默认在JDK 7中为客户端应用程序启用了SNI扩展.JDK 8支持服务器应用程序的SNI扩展。
文档展示了您的代码现在必须更改一下才能启用它 - 请参阅SNIExtension以获取代码示例。
扩展的 server_name(SNI 扩展)不与 jdk1.8.0 一起发送,但与 jdk1.7.0 一起发送
[英]Extended server_name (SNI Extension) not sent with jdk1.8.0 but send with jdk1.7.0
当主机名包含“_”时,Java (JDK1.8) 不会在 SSL 握手中设置 server_name 扩展名
[英]Java (JDK1.8) is not setting server_name extension in SSL handshake when hostname has '_'
TLS扩展“服务器名称指示”(SNI):服务器端不可用的值
[英]TLS extension “Server Name Indication” (SNI): value not available on server side
在Java 8中,可以使HttpsURLConnection发送服务器名称指示(SNI)
[英]In Java 8 can HttpsURLConnection be made to send server name indication (SNI)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.