- Bug
- Resolution: Not an Issue
- P4
- None
- 7
- x86
- windows_7
(Original description used the acronym ISN, but assuming they meant SNI. Am replacing with SNI throughout the report. - Brad)
FULL PRODUCT VERSION :
java version "1.7.0_02"
Java(TM) SE Runtime Environment (build 1.7.0_02-b13)
Java HotSpot(TM) 64-Bit Server VM (build 22.0-b10, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Various
A DESCRIPTION OF THE PROBLEM :
The new feature of Java 7 to send the hostname in the SSL handshake (SNI) has the problem that it often triggers SSL handshake alerts.
This could be regarded as a configuration problem of the server (server does not know which hostnames to serve); however, since most browsers happily connect to those servers, the JSSE implementation should have a way to ignore this specific warning:
javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
    at sun.security.ssl.ClientHandshaker.handshakeAlert(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
    at xxx
Besides ignoring the ClientHandshaker.handshakeAlert(112), it would also help to turn SNI off for those peers.
REGRESSION. Last worked in version 6u29
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
This specific stacktrace was created by:
new URL("https://timestamp.geotrust.com/tsa").openConnection();
(I don't know what name the SSL server would accept without warning)
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
connection to that server
ACTUAL -
above exception
ERROR MESSAGES/STACK TRACES THAT OCCUR :
javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
REPRODUCIBILITY :
This bug can be reproduced always.
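
When triaging this failure, it helps to confirm from a capture of the handshake whether the server sent unrecognized_name (112, RFC 6066) at warning level and carried on, or at fatal level. The decoder below is an added example, not code from the report or the JDK; the function names are hypothetical and the byte strings are constructed samples of server-to-client records.

```python
import struct

ALERT = 21                   # TLS record content type: alert
LEVELS = {1: "warning", 2: "fatal"}
UNRECOGNIZED_NAME = 112      # alert description defined by RFC 6066

def parse_alerts(stream: bytes):
    """Yield (level, description) for each plaintext alert record in a
    server-to-client byte stream; all other records are skipped."""
    pos = 0
    while pos < len(stream):
        if pos + 5 > len(stream):
            raise ValueError("truncated record header at offset %d" % pos)
        ctype, _major, _minor, length = struct.unpack_from("!BBBH", stream, pos)
        body = stream[pos + 5 : pos + 5 + length]
        if len(body) < length:
            raise ValueError("truncated record body at offset %d" % pos)
        pos += 5 + length
        # A plaintext alert is exactly two bytes: level, description.
        # Longer alert records are encrypted and cannot be decoded here.
        if ctype == ALERT and length == 2:
            yield LEVELS.get(body[0], "unknown(%d)" % body[0]), body[1]

def classify_sni_response(stream: bytes) -> str:
    """Describe how the server reacted to the client's server_name."""
    for level, desc in parse_alerts(stream):
        if desc == UNRECOGNIZED_NAME:
            if level == "warning":
                return "warning: server continues the handshake"
            return level + ": server aborted the handshake"
    return "no unrecognized_name alert"

# Constructed samples (not captured from any real server).
# Warning-level alert followed by a handshake record (server_hello_done).
WARNING_SAMPLE = bytes.fromhex("15030100020170" "16030100040e000000")
# Fatal-level alert; nothing follows because the server gives up.
FATAL_SAMPLE = bytes.fromhex("15030100020270")

if __name__ == "__main__":
    for name, sample in (("warning", WARNING_SAMPLE), ("fatal", FATAL_SAMPLE)):
        print(name, "->", classify_sni_response(sample))
```

A warning-level result matches the behaviour described in the report: the server keeps going, but the Java 7 client raises SSLProtocolException as soon as it reads the alert.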
- duplicates
  - JDK-7191567 Webstart from HTTPS (Closed)
- relates to
  - JDK-7174166 Code signing issue (Closed)