sni

Can anyone help me get started on carrying out HTTP connections with server name indication in Java? I'm trying to request content from a site I'm adminstering. I've been using Apache's HttpClient library, but my request for secure content fails because the website only uses SNI for HTTPS, and SNI isn't enabled in the DefaultHttpClient. I've looked for instruction on how to approach this within Apache's HttpClient library, but I see end up with this document: http://hc.apache.org/httpclient-3.x/sslguide.html , which is out of date (referring to code back when HttpClient and HttpCore were part

I can find various information about SNI (see Wikipedia ), but I can't find any statistics about actual support in browsers. The best I could find out is that it should work on Windows XP with SP3. Does anyone know if SNI can actually be used in practice? I can share my experience and approach to switching from one-IP-per certificate in a virtual hosting environment (multiple domains per server) to a load balanced environment with one IP for all domains. We looked at our Analytics (over 1 million unique visitors / month), which is mostly North American male users looking to buy auto parts

I have an Apache web server that runs several TLS virtualhosts with different certs and SNI. I can access the various virtual hosts just fine using curl (presumably SNI makes it work). I can also access them fine with a little command-line Java program that basically just openConnection()s on a URL. In my Tomcat application, the basic same client-side code accesses the same Apache server as a client, but always ends up with the default cert (defaulthost.defaultdomain) instead of the cert of the virtual host that was specified in the URL that it attempts to access. (This produces a

I am trying to use cURL to post to an API that just started using SNI (so they could host multiple ssl certs on 1 IP address). My cURL stopped working as a result of this move to SNI. They explained that it's because cURL is getting *.domain-a.com back instead of *.domain-b.com so the SSL fails. This seems to be a bug in cURL because the API URL has no errors when visited from a browser. Using this code, it does work: exec('curl -k -d "parameters=here", https://urlhere.com/', $output); print_r($output); However, using -k is bad because it doesn't verify the SSL cert. Using this code, does NOT

I'm using OpenSSL 0.9.8q in FreeBSD-8.2. I have 3 virtual hosts on my system and want to implement SNI to serve for all 3 of them in one server. I have 3 separate certificates one for each, and in my ssl-server code I have to somehow find out what is the domain-name of client's request, and use the appropriate certificate file based on that. For this I wrote a function named get_ssl_servername_cb and passed it as callback function to SSL_CTX_set_tlsext_servername_callback . This way, in callback function I can get the the domain-name of the client's request. But my problem is, this callback

I have implemented a JAX-WS client by using ApacheCXF (v3.0.4) and everything works successfully but the problem comes when I want to use a secure connection (SSL/TLS) with java 8 (jdk1.8.0_25). I see the following exception in log (-Djavax.net.debug=all): main, handling exception: java.net.SocketException: Connection reset main, SEND TLSv1.2 ALERT: fatal, description = unexpected_message main, WRITE: TLSv1.2 Alert, length = 2 main, Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error After a depeer analysis I have observed the problem is caused