英文:
Java TLS: Disable SNI on client handshake
问题
我正在尝试创建一个JVM HTTP客户端,它在客户端握手中不会发送server_name(长话短说,我正在模拟一个不支持SNI的旧系统)。
设置SSLParameters的serverNames并不能起作用,我仍然可以在Wireshark中看到"Server Name Indication extension"。
fun run() {val keyStore = keyStore()val trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())trustFactory.init(keyStore)val sslContext = SSLContext.getInstance("SSL")sslContext.init(null, trustFactory.trustManagers, null)val httpClient = HttpClient.newBuilder().sslContext(sslContext).sslParameters(sslContext.defaultSSLParameters.apply {serverNames = null}).build()val request = HttpRequest.newBuilder().uri(URI.create("https://example.com/hello")).GET().build()httpClient.send(request, HttpResponse.BodyHandlers.ofString())}
完整代码在这个Gist链接中。
我如何阻止客户端发送SNI扩展?
英文:
I'm trying to create a JVM HTTP client which will not send server_name in the Client Handshake (long story, but I'm simulating a legacy system which doesn't support SNI).
Setting the serverNames SSLParameters doesn't do the trick, I can still see the "Server Name Indication extension" in Wireshark.
fun run() {val keyStore = keyStore()val trustFactory =TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())trustFactory.init(keyStore)val sslContext = SSLContext.getInstance("SSL")sslContext.init(null, trustFactory.trustManagers, null)val httpClient = HttpClient.newBuilder().sslContext(sslContext).sslParameters(sslContext.defaultSSLParameters.apply {serverNames = null}).build()val request = HttpRequest.newBuilder().uri(URI.create("https://example.com/hello")).GET().build()httpClient.send(request, HttpResponse.BodyHandlers.ofString())}
Full code in this gist.
How can I stop the client from sending the SNI extension?
答案1
得分: 1
如果您不介意该设置应用于整个JVM,尝试使用:
jsse.enableSNIExtension=false
英文:
If you don't mind the setting applying to the whole JVM, try
jsse.enableSNIExtension=false
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论