SSL Handshake Alert: Unrecognized_Name Error Resurfacing with Java 1.7.0 Upgrade
Following the upgrade from Java 1.6 to 1.7, users may encounter an SSL handshake alert characterized by the error message "unrecognized_name." This issue arises specifically when establishing SSL connections to a webserver.
The error stems from the introduction of SNI (Server Name Indication) support in Java 7, which is enabled by default. Certain misconfigured servers respond with an "Unrecognized Name" warning during the handshake, which is ignored by most clients but not Java.
Workaround Options:
Oracle engineers have declined to address this issue. However, two main workarounds are available:
Disable SNI:
Note that disabling SNI affects the entire application.
Handle Misconfigured Servers:
For a more targeted approach, employ the following steps:
Code Example:
SSLSocketFactory factory = (SSLSocketFactory) SSLContext.getDefault().getSocketFactory(); SSLSocket sslsock = (SSLSocket) factory.createSocket(host, 443); try { sslsock.startHandshake(); } catch (SSLException e) { if (e.getMessage().equals("handshake alert: unrecognized_name")) { sslsock = (SSLSocket) factory.createSocket(host, 443); sslsock.startHandshake(); } else { // Handle other errors } }
Conclusion:
By implementing the described workarounds, users can mitigate the "unrecognized_name" error when using Java 1.7.0 and interacting with misconfigured servers while maintaining SNI capabilities for other connections.
The above is the detailed content of Why Does Java 1.7.0 Produce an 'unrecognized_name' SSL Handshake Alert, and How Can It Be Resolved?. For more information, please follow other related articles on the PHP Chinese website!