HTTPS request, the extension of the client hello in the TLS handshake information does not contain server_name. #12445

Closed
xiaoma0513 opened this issue Oct 30, 2024 · 2 comments
Labels: Bug (For general bugs on Jetty side), End-of-Life release

@xiaoma0513

Jetty version(s)
jetty-client-9.4.56.
jetty-http-9.4.56.

Jetty Environment

Java version/vendor (use: java -version)
openjdk version "1.8.0_422"
build 1.8.0_422-BiSheng_JDK8_Enterprise_202.1.0.420.B002-b05)

OS type/version

eulerosv2r12.x86_64

Description
When the client sends an HTTPS request, the extension of the client hello in the TLS handshake information does not contain server_name.

We try to write server_name in two ways, but it does not take effect.
Example 1

```java
SSLContext context = createSSLContext(option, custom);
SslContextFactory.Client factory = new SslContextFactory.Client(false) {
    @Override
    public void customize(SSLEngine sslEngine) {
        super.customize(sslEngine);
        SniProvider sniProvider = getSNIProvider();
        if (sniProvider != null) {
            List<SNIServerName> sniServerNames = new ArrayList<>();
            sslEngine.getPeerHost();
            sniServerNames.add(new SNIHostName("xxx.xxx.xxx.com")); //Here need to update the server fqdn ?
            sniProvider.apply(sslEngine, sniServerNames);
        }
    }
};
factory.setSslContext(context);
factory.setIncludeProtocols(option.getProtocols().split(","));
factory.setIncludeCipherSuites(option.getCiphers().split(","));
factory.setRenegotiationAllowed(option.isAllowRenegociate());
factory.setEndpointIdentificationAlgorithm(null);
```

Example 2

```java
SSLContext context = createSSLContext(option, custom);
SslContextFactory.Client factory = new SslContextFactory.Client(false);
List<SNIServerName> sniServerNames = new ArrayList<>();
SslContextFactory.Client.SniProvider sni = factory.getSNIProvider();
SSLEngine sslEngine = context.createSSLEngine();
sniServerNames.add(new SNIHostName("xxx.xxx.xxx.com"));
sni.apply(sslEngine, sniServerNames);
factory.setSNIProvider(sni);
factory.setSslContext(context);
factory.setIncludeProtocols(option.getProtocols().split(","));
factory.setIncludeCipherSuites(option.getCiphers().split(","));
factory.setRenegotiationAllowed(option.isAllowRenegociate());
factory.setEndpointIdentificationAlgorithm(null);
```

When we debug, we find that after factory.setSslContext(context), SniProvider is still No fields to display.

How to reproduce?
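
A way to check for the `server_name` extension without a packet capture, as an added example that is not part of the original issue or of Jetty's code: it uses only the JDK's `javax.net.ssl` classes, generates a ClientHello in memory from an `SSLEngine`, and walks its extensions looking for type 0. The class name, helper names and `host.example.com` are made up for the illustration.

```java
import java.nio.ByteBuffer;
import java.util.Collections;
import javax.net.ssl.*;

public class ClientHelloSniCheck {
    // Build a client SSLEngine and return its first flight (the ClientHello record), no network I/O.
    static ByteBuffer clientHello(String sniHost) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine(); // no peer host given
        engine.setUseClientMode(true);
        if (sniHost != null) {
            // getSSLParameters() returns a copy: names only take effect once set back on the engine.
            SSLParameters params = engine.getSSLParameters();
            params.setServerNames(Collections.<SNIServerName>singletonList(new SNIHostName(sniHost)));
            engine.setSSLParameters(params);
        }
        ByteBuffer out = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        engine.beginHandshake();
        engine.wrap(ByteBuffer.allocate(0), out); // emits the ClientHello into 'out'
        out.flip();
        return out;
    }

    static void skip(ByteBuffer b, int n) { b.position(b.position() + n); }

    // True if the ClientHello record in b carries extension type 0 (server_name).
    static boolean hasServerName(ByteBuffer b) {
        // 0x16 = handshake record, 0x01 = ClientHello message
        if (b.remaining() < 44 || b.get(0) != 0x16 || b.get(5) != 0x01) return false;
        b.position(5 + 4 + 2 + 32);          // record header, handshake header, version, random
        skip(b, b.get() & 0xff);             // session_id
        skip(b, b.getShort() & 0xffff);      // cipher_suites
        skip(b, b.get() & 0xff);             // compression_methods
        if (b.remaining() < 2) return false; // no extensions block at all
        int extLen = b.getShort() & 0xffff;
        int end = Math.min(b.limit(), b.position() + extLen);
        while (b.position() + 4 <= end) {
            int type = b.getShort() & 0xffff;
            int len = b.getShort() & 0xffff;
            if (type == 0) return true;
            skip(b, len);
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("no server names set: " + hasServerName(clientHello(null)));
        System.out.println("SNIHostName set:     " + hasServerName(clientHello("host.example.com")));
    }
}
```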

xiaoma0513 added the Bug label Oct 30, 2024

joakime (Contributor) commented Oct 30, 2024

Jetty 9 and Jetty 10/11 are now at End of Community Support.

Upgrade to a supported version of Jetty and try again (at this point in time that would be Jetty 12).
If it continues as a problem for you, then open a new issue.

Commercial support options exist for all Jetty versions, see above links for more details.

@xiaoma0513 (Author)

> Jetty 9 and Jetty 10/11 are now at End of Community Support.
>
> Upgrade to a supported version of Jetty and try again (at this point in time that would be Jetty 12). If it continues as a problem for you, then open a new issue.
>
> Commercial support options exist for all Jetty versions, see above links for more details.
