Why Am I Getting an 'unrecognized_name' SSL Handshake Alert After Upgrading to Java 1.7?-javaTutorial-php.cn

Why Am I Getting an 'unrecognized_name' SSL Handshake Alert After Upgrading to Java 1.7?

DDD

Release： 2024-12-07 07:12:10

Original

759 people have browsed it

Why Am I Getting an

SSL Handshake Alert: Unrecognized Name Issue after Upgrading to Java 1.7.0

Upon upgrading from Java 1.6 to 1.7, users may encounter an SSLHandshake alert with the error message "unrecognized_name" when establishing an SSL connection to a web server. This error is primarily due to Java 7's introduction of Server Name Indication (SNI) support, which becomes enabled by default.

To resolve this issue, there are several options available:

Disable SNI:

To disable SNI globally, the following command-line argument can be used when running the application:

-Djsse.enableSNIExtension=false

Copy after login

Alternatively, the property can be set programmatically before any SSL actions are performed:

System.setProperty("jsse.enableSNIExtension", "false");

Copy after login

However, disabling SNI may have implications for applications that require its functionality.

Handle Unrecognized Name Alerts:

Another approach involves handling the "unrecognized_name" alert more gracefully. The following steps can be taken:

// Create an SSLSocket with the desired hostname
SSLSocket sslsock = ...

// Attempt handshake
try {
    // This will block until the attempt succeeds or fails.
    sslsock.startHandshake();
} catch (SSLException e) {
    // Handle the exception here. If it contains the "unrecognized_name" message, disable SNI and retry.
}

// Disable SNI and retry handshake without hostname
if (e.getMessage().contains("unrecognized_name")) {
    sslsock = ... // Create an SSLSocket without specifying a hostname
    sslsock.startHandshake();
}

Copy after login

Allow Untrusted Certificates:

The code provided attempts to connect to a server with an untrusted certificate. To mitigate this, consider implementing custom trust management or using the built-in trust manager:

// Custom trust management (for untrusted certificates)
TrustManager[] trustAllCerts = ...

// Built-in trust manager
TrustManager[] trustManagers = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()).getTrustManagers();

Copy after login

The above is the detailed content of Why Am I Getting an 'unrecognized_name' SSL Handshake Alert After Upgrading to Java 1.7?. For more information, please follow other related articles on the PHP Chinese website!