问题
I'm trying to create a JVM HTTP client which will not send server_name in the Client Handshake (long story, but I'm simulating a legacy system which doesn't support SNI).
Setting the serverNames SSLParameters doesn't do the trick, I can still see the "Server Name Indication extension" in Wireshark.
fun run() {
val keyStore = keyStore()
val trustFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
trustFactory.init(keyStore)
val sslContext = SSLContext.getInstance("SSL")
sslContext.init(null, trustFactory.trustManagers, null)
val httpClient = HttpClient.newBuilder()
.sslContext(sslContext)
.sslParameters(sslContext.defaultSSLParameters.apply {
serverNames = null
})
.build()
val request = HttpRequest.newBuilder()
.uri(URI.create("https://example.com/hello"))
.GET()
.build()
httpClient.send(request, HttpResponse.BodyHandlers.ofString())
}
Full code in this gist.
How can I stop the client from sending the SNI extension?
回答1:
If you don't mind the setting applying to the whole JVM, try
jsse.enableSNIExtension=false
来源:https://stackoverflow.com/questions/64025494/java-tls-disable-sni-on-client-handshake