Server Name Indication (SNI) on Java

挽巷 2020-12-14 11:37

Can anyone help me get started on carrying out HTTP connections with server name indication in Java?

I'm trying to request content from a site I'm administering. I

5 Answers
  • 2020-12-14 11:56

    It appears that this issue is fixed in Java 7.

  • 2020-12-14 11:58

    You might want to track https://issues.apache.org/jira/browse/HTTPCLIENT-1119

    The underlying client implementation of Java 7 is capable of supporting it and exposes the feature via SSLSocketImpl#setHost (called by sun.net.www.protocol.https.HttpsClient).

    On Java 7, use

        new URL("https://cmbntr.sni.velox.ch/").openStream()


    until HTTPCLIENT-1119 is fixed.

  • 2020-12-14 12:02

    This is how I did it in org.apache.httpcomponents's httpclient v4.3+

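    // Imports this snippet needs (httpclient 4.3+). PropertyUtils is assumed to be
    // the commons-beanutils class; LOG, HOST, Constants and the MAX_* limits are
    // defined elsewhere in the poster's class.
    import java.io.IOException;
    import java.lang.reflect.InvocationTargetException;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocket;
    import org.apache.commons.beanutils.PropertyUtils;
    import org.apache.http.config.Registry;
    import org.apache.http.config.RegistryBuilder;
    import org.apache.http.conn.HttpClientConnectionManager;
    import org.apache.http.conn.socket.ConnectionSocketFactory;
    import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
    import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;

    private HttpClientConnectionManager createConnectionManager(final SSLContext ctx) {
        LOG.info("Creating sslConnectionSocketFactory");
        final SSLConnectionSocketFactory sslSF = new SSLConnectionSocketFactory(ctx) {

            // Called for every new socket before the TLS handshake starts.
            @Override
            protected void prepareSocket(SSLSocket socket) throws IOException {
                try {
                    System.out.println("************ setting socket HOST property *************");
                    // Reflectively sets the socket's host bean property to the SNI name.
                    PropertyUtils.setProperty(socket, HOST, Constants.SNI_HOST);
                } catch (IllegalAccessException | NoSuchMethodException | InvocationTargetException ex) {
                    // Only logged: the handshake then proceeds without this host name set.
                    LOG.error(ex.getMessage());
                }
                super.prepareSocket(socket);
            }

        };

        LOG.info("Creating connectionRegistry");
        final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("https", sslSF)
                .build();

        LOG.info("Creating poolingConnectionManager");
        final PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(registry);
        connectionManager.setDefaultMaxPerRoute(MAX_CONNECTIONS_PER_ROUTE);
        connectionManager.setMaxTotal(MAX_CONNECTIONS);

        return connectionManager;
    }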
    

    And this is how I created the HttpClient

    final KeyManager[] keyManagers = createKeyManagers();
    final TrustManager[] trustManagers = createTrustManagers();
    final SSLContext ctx = createSslContext(keyManagers, trustManagers);
    
    final HttpClientConnectionManager connectionManager = createConnectionManager(ctx);
    
    LOG.info("Creating httpClient");
    HttpClient httpClient = HttpClients
            .custom()
            .setConnectionManager(connectionManager)
            .build();
    
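An added example, not part of any of the answers here: on Java 8 and later the SNI name can be set through the public `SSLParameters.setServerNames` API instead of reflection on the socket, and the same `SSLParameters` object can turn on host name verification, which a raw `SSLSocket` does not perform on its own. The class name `SniClient` and the method `connectWithSni` are hypothetical names chosen for this sketch; the host is taken from the command line.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class SniClient {

    /** Opens a TLS socket to host:port and sends host as the SNI name (Java 8+). */
    static SSLSocket connectWithSni(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            SSLParameters params = socket.getSSLParameters();
            // Explicit server_name extension; SNIHostName throws
            // IllegalArgumentException for an empty or malformed name.
            params.setServerNames(Collections.singletonList(new SNIHostName(host)));
            // Ask JSSE to match the server certificate against the host name
            // during the handshake (HTTPS-style endpoint identification).
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            // Fails with an SSLHandshakeException on an untrusted chain or a name mismatch.
            socket.startHandshake();
            return socket;
        } catch (IOException | RuntimeException e) {
            socket.close(); // do not leak the socket when the handshake fails
            throw e;
        }
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 1) {
            System.err.println("usage: java SniClient <host>");
            return;
        }
        try (SSLSocket socket = connectWithSni(args[0], 443)) {
            X509Certificate leaf =
                    (X509Certificate) socket.getSession().getPeerCertificates()[0];
            // The subject shows which virtual host's certificate the server selected.
            System.out.println("protocol: " + socket.getSession().getProtocol());
            System.out.println("subject:  " + leaf.getSubjectX500Principal().getName());
        }
    }
}
```
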
  • 2020-12-14 12:16

    With a short fix, as described under "TLS with SNI in Java clients", it is possible to add SNI server support to JDK 7 and use it together with X509ExtendedKeyManager.

  • 2020-12-14 12:20

    What worked for me was configuring the ServerName correctly in the Apache configuration:

    /etc/apache2/sites-available/default

    <VirtualHost *:443>
      ServerName foo.domain.com
      ...
    </VirtualHost>
    

    As said in https://stackoverflow.com/a/8058839/2088282.
