-
Bug
-
Resolution: Fixed
-
P3
-
8u66, 9
-
b116
-
generic
-
generic
-
Verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8184872 | 8u162 | Ramanand Patil | P3 | Resolved | Fixed | b01 |
JDK-8183458 | 8u161 | Ramanand Patil | P3 | Resolved | Fixed | b01 |
JDK-8159569 | 8u152 | Ramanand Patil | P3 | Resolved | Fixed | b01 |
JDK-8182206 | 8u151 | Unassigned | P3 | Resolved | Fixed | b01 |
JDK-8179840 | 8u141 | Ramanand Patil | P3 | Resolved | Fixed | b08 |
JDK-8192478 | emb-8u161 | Ramanand Patil | P3 | Resolved | Fixed | b01 |
JDK-8184589 | emb-8u151 | Unassigned | P3 | Resolved | Fixed | b01 |
JDK-8179970 | emb-8u141 | Ramanand Patil | P3 | Resolved | Fixed | b08 |
java version "1.8.0_66"
Java(TM) SE Runtime Environment (build 1.8.0_66-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.66-b17, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
OS X 10.11.1
A DESCRIPTION OF THE PROBLEM :
Refering to
I wonder why your Devs can`t reproduce the problem, but I guess it because of his proxy settings.
Taking the following test and grep for
Extension server_name, server_name: [type=host_name (0), value=www.google.com]
First method leads to intended output, second method setting hostnameverifier doesn't.
import javax.net.ssl.HttpsURLConnection;
import java.net.URL;
public class SslTest {
static {
System.setProperty("javax.net.debug", "ssl,handshake");
}
@Test
public void testHandshake() throws Exception {
URL url = new URL("https://www.google.com");
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.getInputStream();
}
@Test
public void testHandshakeHostnameVerifier() throws Exception {
URL url = new URL("https://www.google.com");
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.setHostnameVerifier((s, sslSession) -> true);
conn.getInputStream();
}
}
Sorry for the duplicate, but it is not possible to reopen or comment a bug.
REGRESSION. Last worked in version 8u66
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
import javax.net.ssl.HttpsURLConnection;
import java.net.URL;
public class SslTest {
static {
System.setProperty("javax.net.debug", "ssl,handshake");
}
@Test
public void testHandshake() throws Exception {
URL url = new URL("https://www.google.com");
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.getInputStream();
}
@Test
public void testHandshakeHostnameVerifier() throws Exception {
URL url = new URL("https://www.google.com");
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.setHostnameVerifier((s, sslSession) -> true);
conn.getInputStream();
}
}
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Use of SNI Extension in both test methods
Debug Information contains:
Extension server_name, server_name: [type=host_name (0), value=www.google.com]
ACTUAL -
SNI is used without custom host name verifier only.
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import javax.net.ssl.HttpsURLConnection;
import java.net.URL;
public class SslTest {
static {
System.setProperty("javax.net.debug", "ssl,handshake");
}
@Test
public void testHandshake() throws Exception {
URL url = new URL("https://www.google.com");
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.getInputStream();
}
@Test
public void testHandshakeHostnameVerifier() throws Exception {
URL url = new URL("https://www.google.com");
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.setHostnameVerifier((s, sslSession) -> true);
conn.getInputStream();
}
}
---------- END SOURCE ----------
- backported by
-
JDK-8159569 Custom HostnameVerifier disables SNI extension
- Resolved
-
JDK-8179840 Custom HostnameVerifier disables SNI extension
- Resolved
-
JDK-8179970 Custom HostnameVerifier disables SNI extension
- Resolved
-
JDK-8182206 Custom HostnameVerifier disables SNI extension
- Resolved
-
JDK-8183458 Custom HostnameVerifier disables SNI extension
- Resolved
-
JDK-8184589 Custom HostnameVerifier disables SNI extension
- Resolved
-
JDK-8184872 Custom HostnameVerifier disables SNI extension
- Resolved
-
JDK-8192478 Custom HostnameVerifier disables SNI extension
- Resolved
- duplicates
-
JDK-8144567 SNI does not work with HTTPSUrlConnection and a custom HostnameVerifier
- Closed
-
JDK-8144569 Custom HostnameVerifier breaks SNI connection
- Closed
-
JDK-8163267 Inconsistent behavior when using SSL over socks proxy
- Closed
- relates to
-
JDK-8072464 Custom HostnameVerifier disables SNI support on client in Java 8
- Closed
-
JDK-8155049 New tests from 8144566 fail with "No expected Server Name Indication"
- Closed