JDK-6985179 : To support Server Name Indication extension for JSSE client
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 7
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2010-09-16
  • Updated: 2017-05-16
  • Resolved: 2011-03-07
  • JDK 6: 6u115 (Fixed)
  • JDK 7: 7 b118 (Fixed)
Sub Tasks
JDK-8156136 :  
Description
In practice, many virtual servers may be hosted at the same IP address and listen on the same port. Because SSL/TLS is a transport layer protocol, there was no way to indicate the server hostname, and so SSL/TLS connections could not be provided between those virtual servers and their clients.

We have received many requests to support the SNI extension, and a lot of Java applications cannot visit virtual SSL/TLS servers listening on the same IP address and port. Virtual hosts are widespread and we need to address the problem as soon as possible.

RFC 4366 defines the Server Name Indication (SNI) extension to support virtual servers.

RFC4366: 
   TLS does not provide a mechanism for a client to tell a server the
   name of the server it is contacting.  It may be desirable for clients
   to provide this information to facilitate secure connections to
   servers that host multiple 'virtual' servers at a single underlying
   network address.

   In order to provide the server name, clients MAY include an extension
   of type "server_name" in the (extended) client hello.

Comments
EVALUATION http://hg.openjdk.java.net/jdk7/build/jdk/rev/9d6a9f65d2bf
2010-12-04

EVALUATION Support SNI in client mode. The server just ignores the SNI extension in the current implementation.
2010-11-02
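
To see the "server_name" extension from the RFC 4366 excerpt in the description, the following added example (not part of this report or of the JDK change) asks a JSSE client SSLEngine for its ClientHello in memory and reads the host name back out of the bytes. The class and method names and the host www.example.com are assumptions made for illustration; it also assumes a current JDK and that the ClientHello fits in one TLS record.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class SniInClientHello {
    static void skip(ByteBuffer b, int n) { b.position(b.position() + n); }

    /** Returns the host_name in the server_name extension, or null if absent. */
    static String extractSni(ByteBuffer rec) {
        // record header (5) + handshake header (4) + client_version (2) + random (32)
        skip(rec, 5 + 4 + 2 + 32);
        skip(rec, rec.get() & 0xff);            // session_id
        skip(rec, rec.getShort() & 0xffff);     // cipher_suites
        skip(rec, rec.get() & 0xff);            // compression_methods
        if (!rec.hasRemaining()) return null;   // hello without an extensions block
        int end = (rec.getShort() & 0xffff) + rec.position();
        while (rec.position() + 4 <= end) {
            int type = rec.getShort() & 0xffff;
            int len = rec.getShort() & 0xffff;
            if (type != 0) { skip(rec, len); continue; }  // 0 = server_name
            rec.getShort();                     // server_name_list length
            int nameType = rec.get() & 0xff;    // 0 = host_name
            byte[] name = new byte[rec.getShort() & 0xffff];
            rec.get(name);
            return nameType == 0 ? new String(name, StandardCharsets.US_ASCII) : null;
        }
        return null;                            // extensions present, but no SNI
    }

    /** Produces the client's first handshake record without any network I/O. */
    static ByteBuffer clientHello(String host) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine(host, 443);
        engine.setUseClientMode(true);
        ByteBuffer out = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        engine.beginHandshake();
        engine.wrap(ByteBuffer.allocate(0), out);  // first wrap emits the ClientHello
        out.flip();
        return out;
    }

    public static void main(String[] args) throws Exception {
        // www.example.com is a placeholder peer host; nothing is sent on the wire.
        System.out.println("SNI: " + extractSni(clientHello("www.example.com")));
    }
}
```

The name travels in the ClientHello before any keys are negotiated, so it is readable by anything on the network path; that is what lets a server or front end pick the right virtual host's certificate.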