Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
enableSNIExtension
75 views
Skip to first unread message
Roedy Green
Jul 12, 2016, 11:57:37 PM7/12/16
to
System.setProperty( "jsse.enableSNIExtension", "false" );
Oracle erred in making this a system property.
It is something you configure on a site by site basis. This really
should be a method of HttpURLConnection.
Consider what happen when you have many threads each reading from SSL
sites.
The only thing I can think of to bypass this error is to bundle the
sites that use SNI and do not, and process them in two separate lumps.
Surely there is some way to probe a site to see if it uses SNI. If
so, this system property could be deprecated.
Oracle erred in making this a system property.
It is something you configure on a site by site basis. This really
should be a method of HttpURLConnection.
Consider what happen when you have many threads each reading from SSL
sites.
The only thing I can think of to bypass this error is to bundle the
sites that use SNI and do not, and process them in two separate lumps.
Surely there is some way to probe a site to see if it uses SNI. If
so, this system property could be deprecated.
Silvio
Jul 13, 2016, 6:48:28 PM7/13/16
to
Arne Vajhøj
Jul 14, 2016, 10:18:52 PM7/14/16
to
default (true).
I believe that many think that Java should just ignore the server
response from non-SNI servers when enabled, because then there would
never be a reason to disable it.
But if you have a case where you have both SNI servers and non-SNI
servers, then 2 JVM's seems like the easy solution.
The hard solution must be to play around with SSLSocketFactory
and SSLSocket and do some magic to make it a per connection thing.
I have not tried that.
Arne
0 new messages