我正在尝试在我的项目中启用 SNI 扩展。我jsse.enableSNIExtension通过以下方式设置属性:
1. Writing System.setProperty("jsse.enableSNIExtension", "true");
2. Passing -Djsse.enableSNIExtension=true as VM argument
我在应用程序启动后打印了上述属性的值并且打印的值是 true 但是当 tlsv1.2 尝试与服务器建立握手时,该字段的sun.security.ssl.ClientHandshaker.java private static final boolean enableSNIExtension = Debug.getBooleanProperty("jsse.enableSNIExtension", true);值为 false 最终导致 SNI 标头未包含在扩展中
日志打印如下:
http-nio-9113-exec-2, setSoTimeout(60000) called
http-nio-9113-exec-2, the previous server name in SNI (type=host_name (0), value=xxx.yyy.zzz.com) was replaced with (type=host_name (0), value=xxx.yyy.zzz.com)
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
.
.
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
update handshake state: client_hello[1]
upcoming …