With the addition of Kerberos Cipher Suites to TLS, a TLS client needs to
obtain a service ticket for the TLS server for Kerberos authentication.
The service ticket follows the kerberos naming convention
e.g host/machineName@realm. The hostname passed to the JSSE API is
used to obtain the appropriate service ticket.

As mentioned by Brad, with the addition of SSLEngine for non-blocking I/O,
an SSLEngine can be initialized with or without hostname, since the
hostname/port were being used only for caching.

This would not work for Kerberos authentication in TLS, since the hostname
is required to obtain the service ticket.