JDK-6985179 : To support Server Name Indication extension for JSSE client

Details
Type: Enhancement
Submit Date: 2010-09-16
Status: Closed
Updated Date: 2011-05-26
Project Name: JDK
Resolved Date: 2011-03-07
Component: security-libs
OS: generic
Sub-Component: javax.net.ssl
CPU: generic
Priority: P2
Resolution: Fixed
Affected Versions: 7
Fixed Versions:

Related Reports

Sub Tasks

Description
In practice, many virtual servers may be hosted at the same IP address and listen on the same port. Because SSL/TLS is a transport layer protocol, there was no way to indicate the server hostname, so SSL/TLS connections could not be provided between those virtual servers and their clients.

We have received many requests to support the SNI extension, and a lot of Java applications cannot connect to virtual SSL/TLS servers listening on the same IP address and port. Virtual hosts are widespread and we need to address the problem as soon as possible.

RFC 4366 defines the Server Name Indication (SNI) extension to support virtual servers.

RFC4366: 
   TLS does not provide a mechanism for a client to tell a server the
   name of the server it is contacting.  It may be desirable for clients
   to provide this information to facilitate secure connections to
   servers that host multiple 'virtual' servers at a single underlying
   network address.

   In order to provide the server name, clients MAY include an extension
   of type "server_name" in the (extended) client hello.

                                    

Comments
EVALUATION

Support SNI in client mode. The server just ignores the SNI extension in the current implementation.
                                     
2010-11-02
EVALUATION

http://hg.openjdk.java.net/jdk7/build/jdk/rev/9d6a9f65d2bf
                                     
2010-12-04


