我目前有一个应用程序可以向很多 URL 发出 HTTP post 请求。某些连接失败,出现以下异常。
Exception in thread "main" javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name at sun.security.ssl.ClientHandshaker.handshakeAlert(ClientHandshaker.java:1410) at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2004) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1113) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153) at com.amazon.cba.iopn.test.MainTest.connectWithFallbackIfRequired(MainTest.java:246) at com.amazon.cba.iopn.test.MainTest.createHttpConnection(MainTest.java:201) at com.amazon.cba.iopn.test.MainTest.processLine(MainTest.java:105) at com.amazon.cba.iopn.test.MainTest.main(MainTest.java:99)
我看了网上的其他文章后发现这是服务器配置的问题。回复的服务器抛出一个警告,Java 将其视为异常。解决方法是将 jsse.enableSNIExtension 设置为“false”。
- 如果将 jsse.enableSNIExtension 系统属性设置为 false,客户端会面临哪些安全风险?
PS: 我们尝试通过 HTTPS 连接的所有 URL。所以,会有证书验证。
最佳答案
来自甲骨文(http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html):
It enables TLS connections to virtual servers, in which multiple servers for different network names are hosted at a single underlying network address
如果您禁用 jsse.enableSNIExtension,您将无法连接到虚拟服务器下的页面
关于java - 将 "jsse.enableSNIExtension"设置为 false 的安全后果是什么?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32067124/