问题
The following snippet works perfectly as long as only one TLS certificate is enabled on the nginx server.
// Minimal reproduction: one blocking GET with OkHttp's default client configuration.
OkHttpClient httpClient = new OkHttpClient();
Request.Builder requestBuilder = new Request.Builder();
requestBuilder.url("ENDPOINT");
Request getRequest = requestBuilder.build();

// execute() blocks until the response arrives. Per the stack trace below, the TLS
// handshake (RealConnection.connectTls -> SSLSocketImpl.startHandshake) runs inside
// this call, so this is the statement that throws the SocketException.
// Running the JVM with -Djavax.net.debug=ssl:handshake prints the handshake messages,
// which shows whether the ClientHello carries a server_name (SNI) extension.
Response httpResponse = httpClient.newCall(getRequest).execute();

// string() reads the whole body into memory and closes it.
String payload = httpResponse.body().string();
System.out.println(payload);
Activating a site with a different certificate causes nginx to enable SNI (Server Name Indication). That apparently breaks the request on both Oracle Java 7 and OpenJDK 7; the connection is reset during the initial TLS handshake:
Exception in thread "main" java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:196)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
at sun.security.ssl.InputRecord.read(InputRecord.java:480)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at okhttp3.internal.io.RealConnection.connectTls(RealConnection.java:195)
at okhttp3.internal.io.RealConnection.connectSocket(RealConnection.java:148)
at okhttp3.internal.io.RealConnection.connect(RealConnection.java:111)
at okhttp3.internal.http.StreamAllocation.findConnection(StreamAllocation.java:188)
at okhttp3.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:127)
at okhttp3.internal.http.StreamAllocation.newStream(StreamAllocation.java:97)
at okhttp3.internal.http.HttpEngine.connect(HttpEngine.java:289)
at okhttp3.internal.http.HttpEngine.sendRequest(HttpEngine.java:241)
at okhttp3.RealCall.getResponse(RealCall.java:240)
at okhttp3.RealCall$ApplicationInterceptorChain.proceed(RealCall.java:198)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:160)
at okhttp3.RealCall.execute(RealCall.java:57)
at Main.main(Main.java:20)
来源:https://stackoverflow.com/questions/36480255/okhttp-with-sni-connection-reset-on-java-7