Re: SNI not sent with Java 22+ using java.net.http.HttpClient.Builder#sslParameters

Nicolas Henneaux nicolas at henneaux.io
Mon Nov 18 15:56:30 UTC 2024


I dug a bit deeper into this subject and I think it has been introduced by https://github.com/openjdk/jdk/commit/ba837b4bfa2dea85653d8a8fccd0817a569b4378#diff-25625467b43d4f533bace30665a2d8aaaf60ec7323bd424ff7683e5afd722d14R130 using the hostname from the HTTP request and not using sslParameters#setServerNames anymore.

In the library, I force the IP in the HTTP request to enforce the target IP, keeping the HTTP host header and SNI aligned with the actual value. The detected SNI is then empty. Is it possible to support both detected and specified SNI?

Thanks for the help in advance,

Best regards,
Nicolas Henneaux

On Nov 18, 2024, at 4:25 PM, Nicolas Henneaux <nicolas at henneaux.io> wrote:

Hi all,

I have built a small library to target several IPs behind a given HTTPS endpoint based on java.net.http.HttpClient, https://github.com/nhenneaux/resilient-httpclient. It relies for some endpoints on the SNI server name specified through the method java.net.http.HttpClient.Builder#sslParameters#setServerNames.

Since Java 22, it does not work properly for some endpoints, e.g. google.com. I have enabled debug ssl logs and I get the following log indicating the SNI is ignored.

javax.net.ssl|WARNING|62|HttpClient-1-Worker-0|2024-11-18 15:51:49.496 CET|ServerNameExtension.java:265|Unable to indicate server name
javax.net.ssl|DEBUG|62|HttpClient-1-Worker-0|2024-11-18 15:51:49.496 CET|SSLExtensions.java:272|Ignore, context unavailable extension: server_name

I have a pull request showing the issue for some hosts: https://github.com/nhenneaux/resilient-httpclient/pull/68/files.

Is it something expected on Java 22+, or was a bug introduced?

Thank you for your help,

Best regards,
Nicolas Henneaux
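
Added example (not part of the original message, and not code from the resilient-httpclient library or the JDK): an offline check of whether a name set with SSLParameters#setServerNames reaches the ClientHello at the JSSE layer, independent of java.net.http.HttpClient. The class name SniClientHelloCheck, its helper methods and the host name example.com are assumptions made for illustration.

```java
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.List;

public class SniClientHelloCheck {

    // Builds the first TLS record (the ClientHello) in memory; no socket is opened.
    static byte[] clientHello(String explicitSni) throws Exception {
        // createSSLEngine() is called without a peer host, so JSSE has no
        // host name of its own from which to derive a server_name extension.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true);
        if (explicitSni != null) {
            SSLParameters params = engine.getSSLParameters();
            params.setServerNames(List.of(new SNIHostName(explicitSni)));
            engine.setSSLParameters(params);
        }
        engine.beginHandshake();
        ByteBuffer out = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        engine.wrap(ByteBuffer.allocate(0), out); // emits the ClientHello record
        out.flip();
        byte[] record = new byte[out.remaining()];
        out.get(record);
        return record;
    }

    // The server_name extension carries the host name as plain ASCII bytes,
    // so a substring search over the record is enough for this check.
    static boolean carriesName(byte[] record, String name) {
        return new String(record, StandardCharsets.ISO_8859_1).contains(name);
    }

    public static void main(String[] args) throws Exception {
        String name = "example.com"; // constructed sample value
        System.out.println("explicit serverNames -> name in ClientHello: "
                + carriesName(clientHello(name), name));
        System.out.println("no serverNames       -> name in ClientHello: "
                + carriesName(clientHello(null), name));
    }
}
```

If the name is present here but the HttpClient connection still logs "Unable to indicate server name", the parameters are being lost above the SSLEngine rather than inside JSSE.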