(2nd round) Proposed API Changes for JEP 114: TLS Server Name Indication (SNI) Extension

Xuelei Fan xuelei.fan at oracle.com
Thu Aug 9 01:57:27 UTC 2012 

Please review the design of JEP 114, TLS Server Name Indication (SNI)
Extension.

The webrev: http://cr.openjdk.java.net./~xuelei/7068321/webrev_spec.01/

The following is a list of typical user cases, and the demo code using
this spec for each case.


Typical user cases for client side:

Case 1: I want to access "www.example.com"
   sslParameters.setServerName("host_name", "www.example.com");
   Set the host name explicit.

   It is recommend that the client always specify the host name.

Case 2: The server has some compatibility issues, I do not want
to use server name indication for hostname because of the compatibility
concerns.
   sslParameters.setServerName("host_name", "");
   I will not use server name indication for host_name.

Case 3: I want to access URL, "https://www.example.com".
   Doing nothing, the provider default behaviors will set the hostname
for me. I don't care about what's the real server name indication.

   Note that it is the compatible behaviors of JDK 7.

Case 4: the parameter was previously set to "www.example.com" (see
Case 1), but I want to use the provider default value. I need to remove
the previous set value.
   sslParameters.setServerName("host_name", null);



Typical user cases for application server side:

Case 1: I want to accept all kind of server name indication
    Doing nothing, the server will ignore the server name indication

Case 2: I want to deny all server name indication of type host name
    sslParameters.setServerName("hostname", "");

Case 3: I want to accept all kind of server name indication, but
previously, I have set the server name indication to other values. I
need to reset the value
    sslParameters.setServerName("hostname", null);

Case 4: I want to accept server name indication of "www.example.com".
   sslParameters.setServerName("host_name", "www.example.com");

Case 5: I want to accept server name indication of
"www.xuelei.com", but I also have alternative names of "www.example.edu"
and "www.example.org".
   sslParameters.setServerName("host_name", "www.example.com");
   sslParameters.setServernamePattern("host_name",
          Pattern.compile("www\\.example\\.(edu|org)"));

Case 6: I want to accept server name indication of
"www.example.com", and I have no alternative name. But I need to make
sure that other component does not set alternative name for me in
previous calling.
   sslParameters.setServerName("host_name", "www.example.com");
   sslParameters.setServernamePattern("host_name", null);


Typical user cases for dispatch server:
A dispatch server is one server who parsers the server name indication,
and dispatches the connection to the right/real server on a virtual
hosting environment.

See section 2, "The How-To and Scenarios in Example" of the README:
   http://cr.openjdk.java.net./~xuelei/7068321/README

I appreciate any feedback about the spec.

Thanks & Regards,
Xuelei

More information about the security-dev mailing list