Java TLS:在客户端握手时禁用SNI [英] Java TLS: Disable SNI on client handshake
本文介绍了Java TLS:在客户端握手时禁用SNI的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在尝试创建一个不会在客户端握手中发送server_name
的JVM HTTP客户端(长话说,但是我正在模拟一个不支持SNI的旧系统).
I'm trying to create a JVM HTTP client which will not send server_name
in the Client Handshake (long story, but I'm simulating a legacy system which doesn't support SNI).
设置serverNames
SSLParameters
并不能解决问题,我仍然可以看到服务器名称指示扩展名"在Wireshark中.
Setting the serverNames
SSLParameters
doesn't do the trick, I can still see the "Server Name Indication extension" in Wireshark.
fun run() {
val keyStore = keyStore()
val trustFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
trustFactory.init(keyStore)
val sslContext = SSLContext.getInstance("SSL")
sslContext.init(null, trustFactory.trustManagers, null)
val httpClient = HttpClient.newBuilder()
.sslContext(sslContext)
.sslParameters(sslContext.defaultSSLParameters.apply {
serverNames = null
})
.build()
val request = HttpRequest.newBuilder()
.uri(URI.create("https://example.com/hello"))
.GET()
.build()
httpClient.send(request, HttpResponse.BodyHandlers.ofString())
}
如何阻止客户端发送SNI扩展名?
How can I stop the client from sending the SNI extension?
推荐答案
如果您不介意将设置应用于整个JVM,请尝试
If you don't mind the setting applying to the whole JVM, try
jsse.enableSNIExtension=false
这篇关于Java TLS:在客户端握手时禁用SNI的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文