Why Does Java 1.7.0 Produce an 'unrecognized_name' SSL Handshake Alert, and How Can It Be Resolved?-javaTutorial-php.cn

Home

Java

javaTutorial

Why Does Java 1.7.0 Produce an 'unrecognized_name' SSL Handshake Alert, and How Can It Be Resolved?

Dec 11, 2024 pm 05:00 PM

Why Does Java 1.7.0 Produce an

SSL Handshake Alert: Unrecognized_Name Error Resurfacing with Java 1.7.0 Upgrade

Following the upgrade from Java 1.6 to 1.7, users may encounter an SSL handshake alert characterized by the error message "unrecognized_name." This issue arises specifically when establishing SSL connections to a webserver.

The error stems from the introduction of SNI (Server Name Indication) support in Java 7, which is enabled by default. Certain misconfigured servers respond with an "Unrecognized Name" warning during the handshake, which is ignored by most clients but not Java.

Workaround Options:

Oracle engineers have declined to address this issue. However, two main workarounds are available:

Disable SNI:

Run the application with the command: java -Djsse.enableSNIExtension=false yourClass
Set the property programmatically: System.setProperty("jsse.enableSNIExtension", "false");

Note that disabling SNI affects the entire application.

Handle Misconfigured Servers:

For a more targeted approach, employ the following steps:

Create an SSLSocket with the host name.
Attempt to start the handshake.
Check for an "unrecognized_name" error.
If an error occurs, retry opening an SSLSocket without a host name (effectively disabling SNI).

Code Example:

SSLSocketFactory factory = (SSLSocketFactory) SSLContext.getDefault().getSocketFactory();
SSLSocket sslsock = (SSLSocket) factory.createSocket(host, 443);
try {
  sslsock.startHandshake();
} catch (SSLException e) {
  if (e.getMessage().equals("handshake alert:  unrecognized_name")) {
    sslsock = (SSLSocket) factory.createSocket(host, 443);
    sslsock.startHandshake();
  } else {
    // Handle other errors
  }
}

Copy after login

Conclusion:

By implementing the described workarounds, users can mitigate the "unrecognized_name" error when using Java 1.7.0 and interacting with misconfigured servers while maintaining SNI capabilities for other connections.

The above is the detailed content of Why Does Java 1.7.0 Produce an 'unrecognized_name' SSL Handshake Alert, and How Can It Be Resolved?. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn