-
Type:
Bug
-
Resolution: Unresolved
-
Priority:
P3
-
None
-
Affects Version/s: 7, 8
-
Component/s: security-libs
-
generic
-
generic
Need to support Internationalized Domain Names (IDN) in SunJSSE. Here is the known problems:
1. Endentity identification and hostname verifier problem
Mismatch occurs if the name (Subject or SubjectAltName) in X.509 certificate contains A-labels, while the hostname in URL is Unicode encoded, and vice versa.
2. Interoperability issue for Server Name Indication (SNI) extension.
RFC4366 allow UTF-8 hostname in SNI extension, while the revised RFC6066 only allows ASCII hostname. In JDK 7, if the target hostname in a URL is not ASCII compliant, servers follow RFC6066 may run into problems. We properly need to make improvement in JDK 7 to always sending ASCII hostname in SNI extension.
1. Endentity identification and hostname verifier problem
Mismatch occurs if the name (Subject or SubjectAltName) in X.509 certificate contains A-labels, while the hostname in URL is Unicode encoded, and vice versa.
2. Interoperability issue for Server Name Indication (SNI) extension.
RFC4366 allow UTF-8 hostname in SNI extension, while the revised RFC6066 only allows ASCII hostname. In JDK 7, if the target hostname in a URL is not ASCII compliant, servers follow RFC6066 may run into problems. We properly need to make improvement in JDK 7 to always sending ASCII hostname in SNI extension.