Bug ID: JDK-6985179 To support Server Name Indication extension for JSSE client

Type: Enhancement
Component: security-libs
Sub-Component: javax.net.ssl
Affected Version: 7

Priority: P2
Status: Closed
Resolution: Fixed
OS: generic
CPU: generic

Submitted: 2010-09-16
Updated: 2017-05-16
Resolved: 2011-03-07

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 6	JDK 7
6u115Fixed	7 b118Fixed

In practice, many virtual servers may host at the same IP address, and listening at the same port. Because SSL/TLS is an transport layer protocol, there was no way to indicate the server hostname and then could not provide SSL/TLS connections between those virtual servers and their clients.

We have got many requests to support SNI extension, and a lot of Java applications cannot visit virtual SSL/TLS servers listening on the same IP address and port. Virtual hosts are widespread and we need to address the problem as soon as possible.

RFC4366 defines Server Name Indication (SNI) extension to support virtual servers.

RFC4366: 
   TLS does not provide a mechanism for a client to tell a server the
   name of the server it is contacting.  It may be desirable for clients
   to provide this information to facilitate secure connections to
   servers that host multiple 'virtual' servers at a single underlying
   network address.

   In order to provide the server name, clients MAY include an extension
   of type "server_name" in the (extended) client hello.