hc-httpclient-users mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Sample code for sending SNI request ?
Date Wed, 17 Sep 2014 08:23:44 GMT
On Tue, 2014-09-16 at 14:25 -0700, Feroze Daud wrote:
> Also, to be clear, I am running jdk7
> 

I do not think so.

This is how the SSL log looks when running on a fairly up-to-date JRE 1.7
(see 'Extension server_name' entry below).

---
%% No cached client session
*** ClientHello, TLSv
RandomCookie:  GMT: 1410937300 bytes = { 83, 97, 17, 200, 9, 15, 235,
224, 219, 25, 218, 187, 245, 205, 165, 118, 96, 99, 22, 55, 121, 37,
119, 172, 213, 18, 151, 120 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA,
SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1,
sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1,
sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1,
sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1,
sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: www.google.ch]
***
---

The excerpt you posted looks like one produced with an old (pre-1.7)
JRE.

Oleg

> 
> $ java -version
> java version "1.7.0_45"
> Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
> 
> Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)
> 
> 
> 
> 
> 
> On Tuesday, September 16, 2014 2:08 AM, Oleg Kalnichevski
> <olegk@apache.org> wrote:
> 
> 
> 
> On Mon, 2014-09-15 at 14:36 -0700, Feroze Daud wrote:
> 
> > hi!
> > 
> > We are using httpcomponents v 4.3.5. Last year there was a bug on
> > the topic of supporting SNI on JDK7, and a patch was made in late
> > December. The ship vehicle for the patch was 4.3.2.
> > 
> > However, I cannot find any example that shows how to enable this for
> > the http client.
> > 
> > Please point me to some info. I can volunteer to fix the
> > documentation with the details so that it might help others in the
> > future.
> > 
> > Thanks.
> 
> 
> Feroze,
> 
> SNI should work completely transparently when running on Java 1.7 or
> newer. No configuration is required. If for whatever reason SSL
> handshake with SNI enabled server fails you should be able to find out
> why (and whether or not the SNI extension was properly employed) by
> turning on SSL debug logging as described here
> 
> http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug

> 
> Oleg
> 
> 
> 
> 
> 
> 
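
An added example, not part of the original thread: a Python check for the log inspection described in the message above, scanning JSSE debug output for ClientHello messages that lack the 'Extension server_name' entry. It assumes the JRE 1.7 entry format shown in the log above; the function names and the sample log are constructed for illustration.

```python
import re

# Entry format as printed by the JRE 1.7 log quoted in the message above.
SNI_RE = re.compile(r"^Extension server_name, server_name: \[(.*)\]\s*$")
HOST_RE = re.compile(r"host_name:\s*([^\s,\]]+)")
HELLO_RE = re.compile(r"^\*\*\* ClientHello\b,?\s*(.*)$")

# Constructed sample: first handshake carries SNI, second does not
# (the shape a ClientHello without the server_name extension would have).
SAMPLE_LOG = """\
%% No cached client session
*** ClientHello, TLSv1
Session ID:  {}
Compression Methods:  { 0 }
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: www.google.ch]
***
%% No cached client session
*** ClientHello, TLSv1
Session ID:  {}
Compression Methods:  { 0 }
***
"""

def client_hellos(log_text):
    """Return one dict per ClientHello block: protocol label and SNI host names."""
    hellos, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        start = HELLO_RE.match(line)
        if start:
            current = {"protocol": start.group(1), "sni": []}
            hellos.append(current)
        elif current is not None and line == "***":
            current = None  # bare '***' closes the handshake message dump
        elif current is not None:
            ext = SNI_RE.match(line)
            if ext:
                current["sni"].extend(HOST_RE.findall(ext.group(1)))
    return hellos

def missing_sni(log_text):
    """Indexes of ClientHello messages sent without a server_name extension."""
    return [i for i, h in enumerate(client_hellos(log_text)) if not h["sni"]]

if __name__ == "__main__":
    for i, hello in enumerate(client_hellos(SAMPLE_LOG)):
        print(i, hello["protocol"], hello["sni"] or "NO server_name extension")
```

To use it on a real run, capture the output produced with SSL debug logging turned on and pass the text to `missing_sni`.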


