-
Bug
-
Resolution: Won't Fix
-
P3
-
None
-
7u11
-
None
-
windows_7
FULL PRODUCT VERSION :
java version " 1.7.0_11 "
Java(TM) SE Runtime Environment (build 1.7.0_11-b21)
Java HotSpot(TM) Client VM (build 23.6-b04, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [version 6.1.7601]
But the bug is cross platform.
A DESCRIPTION OF THE PROBLEM :
When a Java program tries to create a SSL socket specifying an IP address instead of a host name, the JVM issues many unnecessary reverse DNS lookups.
After some hours investigating the problem, I found the following piece of code in class sun.security.ssl.SSLSocketImpl:
synchronized String getHost() {
// Note that the host may be null or empty for localhost.
if (host == null || host.length() == 0) {
host = getInetAddress().getHostName();
}
return host;
}
------------------------------------------
Note that, instead of getInetAddress().getHostName(), the 'host' variable should be set to getInetAddress().getHostAddress(), so Java does not do guesswork, for example, to check certificates against hostnames.
REPRODUCIBILITY :
This bug can be reproduced always.
java version " 1.7.0_11 "
Java(TM) SE Runtime Environment (build 1.7.0_11-b21)
Java HotSpot(TM) Client VM (build 23.6-b04, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [version 6.1.7601]
But the bug is cross platform.
A DESCRIPTION OF THE PROBLEM :
When a Java program tries to create a SSL socket specifying an IP address instead of a host name, the JVM issues many unnecessary reverse DNS lookups.
After some hours investigating the problem, I found the following piece of code in class sun.security.ssl.SSLSocketImpl:
synchronized String getHost() {
// Note that the host may be null or empty for localhost.
if (host == null || host.length() == 0) {
host = getInetAddress().getHostName();
}
return host;
}
------------------------------------------
Note that, instead of getInetAddress().getHostName(), the 'host' variable should be set to getInetAddress().getHostAddress(), so Java does not do guesswork, for example, to check certificates against hostnames.
REPRODUCIBILITY :
This bug can be reproduced always.