[security-dev 00628]: Re: SNI support in JSSE

[Michael Tandy]

> We can enable it always, I think, just as what the EC extension do now. But
> we need to consider a very small part of old servers which are not ready to
> read any extension data field, so we might need a approach to disable all
> extensions. Maybe adding a new system property to switch the extension is
> not so bad . (Personally, I dislike using system property)

Well, for old servers people have the option to use the SSL v2 Hello,
in which case the extensions don't get sent.

Do you think it's likely a server would require SSL3 or TLS, but
wouldn't support hello extensions?