SSL Handshake Alert: Unrecognized_Name Error After Java 1.7 Upgrade
Issue Description:
After upgrading to Java 1.7, users may encounter an "SSLProtocolException: handshake alert: unrecognized_name" error when establishing SSL connections to webservers. This issue typically arises when attempting to access self-signed or misconfigured server certificates.
Cause:
Java 1.7 introduces support for Server Name Indication (SNI) by default. While most webservers effectively manage SNI, certain misconfigured servers may return an "Unrecognized Name" alert in the SSL handshake, which is ignored by most clients, except for Java.
Resolution:
To resolve this issue, you can employ one of the following workarounds:
Disable SNI via Command Line:
Run your application with the following command-line option:
java -Djsse.enableSNIExtension=false yourClass
This will globally disable SNI for the entire application.
Disable SNI in Java Code:
Alternatively, you can disable SNI programmatically by setting the "jsse.enableSNIExtension" property before any SSL actions:
System.setProperty("jsse.enableSNIExtension", "false");
Handling Unrecognized_Name Alerts:
If you wish to support misconfigured servers while still utilizing SNI:
Important Note:
Disabling SNI may compromise security best practices. If possible, configure your servers to support SNI correctly to avoid this issue.
The above is the detailed content of Why Am I Getting an 'SSLProtocolException: handshake alert: unrecognized_name' Error After Upgrading to Java 1.7?. For more information, please follow other related articles on the PHP Chinese website!