The JDK `SunJSSE` provider implementation has been enhanced to be fully compliant with RFC 6125. Prior to this release, the implementation was compliant except for one case, which has now been addressed: the implementation will not attempt to match wildcard domains in TLS certificates where the wildcard character comprises a label other than the left-most label.

If necessary, applications can workaround this restriction by implementing their own `HostnameVerifier` or `TrustManager`.