(3rd Round) Proposed API Changes for JEP 114: TLS Server Name Indication (SNI) Extension

Xuelei Fan xuelei.fan at oracle.com
Mon Aug 13 09:25:21 UTC 2012


On 8/13/2012 11:34 AM, Weijun Wang wrote:
>  511      * If a server name type is not contained in the returned <code>Map</code>,
>  512      * an SSL/TLS handshaking should not be interrupted for reasons of
>  513      * unrecognized server name of that type.
> 
> Is this only Oracle JSSE behavior? Or should every vendor do that? Of course, I have no good idea how a server can get a default pattern.
> 
It's the required behavior for all providers.  According to the TLS
extensions spec, a server that runs into unknown extensions should ignore
the extension and continue the transactions.  And for compatibility, a
server also should ignore the SNI extension.  So I would like it to be a
behavior of all providers.

> SSLSocketFactory.java:
>  202      * <P>
>  203      * Please NOTE that the application is responsible for ensuring that this
>  204      * method must be called before any handshaking occurs, and all
>  205      * consumed network data must be resumable from the <code>consumed</code>
>  206      * parameter.  Otherwise, the behavior of the returned socket is not
>  207      * defined.
> 
> I think the precise meaning of "any handshaking occurs" is "any bytes are sent back to the client"?
> 
Yes, I will do some wordsmithing here.

Thanks,
Xuelei

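As an added example (not code from the JEP, the JDK, or either participant in this thread), here is the peek-then-wrap pattern that the quoted SSLSocketFactory Javadoc describes: read the ClientHello from the plain socket before a single byte is sent back to the client, pull the host name out of the server_name extension while skipping unknown extensions and unrecognized server-name types rather than aborting, and then hand the consumed bytes back to JSSE through createSocket(Socket, InputStream, boolean) so the handshake resumes from them. It uses the API as it shipped in JDK 8 (SNIHostName, SNIMatcher, SSLParameters.setSNIMatchers), whose shape differs from the Map-returning draft quoted above; the ClientHello bytes are constructed in code rather than captured, the matcher regex is an arbitrary choice, and contextFor() in the final comment is a hypothetical application-side lookup.

```java
import java.io.*;
import java.net.Socket;
import java.nio.*;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.net.ssl.*;

public class SniPeekServer {
    // Read one TLS record from the plaintext socket. Nothing has been written back to
    // the client yet, so the handshake has not started and these bytes can be replayed.
    static byte[] readFirstRecord(InputStream in) throws IOException {
        DataInputStream d = new DataInputStream(in);
        byte[] hdr = new byte[5];
        d.readFully(hdr);
        int len = ((hdr[3] & 0xff) << 8) | (hdr[4] & 0xff);
        byte[] rec = Arrays.copyOf(hdr, 5 + len);
        d.readFully(rec, 5, len);
        return rec;
    }

    static void skip(ByteBuffer b, int n) { b.position(b.position() + n); }

    // Return the host_name from the server_name extension of a ClientHello record, or
    // null if the record is not a ClientHello or carries no host_name. Extensions and
    // server-name types this code does not understand are skipped, never rejected.
    static String peekSniHostName(byte[] rec) {
        try {
            ByteBuffer b = ByteBuffer.wrap(rec);
            if (b.get() != 0x16) return null;                   // not a handshake record
            skip(b, 2);                                         // record version
            int recLen = b.getShort() & 0xffff;
            b.limit(Math.min(b.limit(), b.position() + recLen));
            if (b.get() != 0x01) return null;                   // not a ClientHello
            skip(b, 3 + 2 + 32);                                // hs length, client_version, random
            skip(b, b.get() & 0xff);                            // session_id
            skip(b, b.getShort() & 0xffff);                     // cipher_suites
            skip(b, b.get() & 0xff);                            // compression_methods
            if (b.remaining() < 2) return null;                 // hello without extensions
            int extLen = b.getShort() & 0xffff;
            b.limit(Math.min(b.limit(), b.position() + extLen));
            while (b.remaining() >= 4) {
                int type = b.getShort() & 0xffff, len = b.getShort() & 0xffff;
                if (type != 0x0000) { skip(b, len); continue; } // not server_name: skip it
                int listEnd = b.position() + len;
                skip(b, 2);                                     // server_name_list length
                while (b.position() + 3 <= listEnd) {
                    int nameType = b.get() & 0xff, nameLen = b.getShort() & 0xffff;
                    if (nameType == 0) return new String(rec, b.position(), nameLen, StandardCharsets.US_ASCII);
                    skip(b, nameLen);                           // unrecognized name type: skip it
                }
                return null;                                    // server_name without host_name
            }
            return null;
        } catch (BufferUnderflowException | IllegalArgumentException | IndexOutOfBoundsException e) {
            return null;                                        // truncated or malformed record
        }
    }

    // Wrap the plaintext socket in an SSLSocket, handing the consumed ClientHello bytes
    // back to JSSE so it reads them before touching the network again.
    static SSLSocket wrap(Socket plain, byte[] consumed, SSLContext ctx) throws IOException {
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(plain, new ByteArrayInputStream(consumed), true);
        s.setUseClientMode(false);
        SSLParameters p = s.getSSLParameters();
        // Only host_name is matched (regex is an arbitrary choice here); no matcher exists for
        // other name types, so a hello carrying an unrecognized type is not rejected for it.
        p.setSNIMatchers(Collections.singletonList(
                SNIHostName.createSNIMatcher("(www\\.)?example\\.com")));
        s.setSSLParameters(p);
        return s;
    }

    // Constructed ClientHello (not captured traffic) with an unrelated extension placed
    // before server_name, so the skipping logic is exercised offline.
    static byte[] constructedClientHello(String host) throws IOException {
        byte[] name = host.getBytes(StandardCharsets.US_ASCII);
        ByteArrayOutputStream ext = new ByteArrayOutputStream(), body = new ByteArrayOutputStream(), rec = new ByteArrayOutputStream();
        DataOutputStream e = new DataOutputStream(ext), h = new DataOutputStream(body), r = new DataOutputStream(rec);
        e.writeShort(0xff01); e.writeShort(1); e.writeByte(0);     // renegotiation_info, to be skipped
        e.writeShort(0x0000); e.writeShort(name.length + 5);      // server_name extension
        e.writeShort(name.length + 3);                            // server_name_list length
        e.writeByte(0); e.writeShort(name.length); e.write(name); // host_name entry
        h.writeShort(0x0303); h.write(new byte[32]);              // client_version, random
        h.writeByte(0);                                           // empty session_id
        h.writeShort(2); h.writeShort(0x1301);                    // one cipher suite
        h.writeByte(1); h.writeByte(0);                           // null compression
        h.writeShort(ext.size()); h.write(ext.toByteArray());
        r.writeByte(0x16); r.writeShort(0x0301); r.writeShort(body.size() + 4);
        r.writeByte(0x01); r.writeByte(0); r.writeShort(body.size()); // 3-byte handshake length
        r.write(body.toByteArray());
        return rec.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        byte[] hello = constructedClientHello("www.example.com");
        System.out.println("SNI host_name: " + peekSniHostName(hello));
        // On a real listener: consumed = readFirstRecord(plain.getInputStream()); choose the
        // SSLContext via contextFor(peekSniHostName(consumed)) (hypothetical application lookup);
        // then wrap(plain, consumed, ctx).startHandshake().
    }
}
```

The order matters for the point raised in the thread: the peek must complete, and the wrapped socket must be created with every consumed byte supplied through the InputStream, before anything is written to the client; once the handshake has produced a ServerHello there is no way to hand the ClientHello back to a different SSLContext.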