Why Am I Getting an 'Unrecognized Name' SSL Handshake Error After Upgrading to Java 1.7.0?

SSL Handshake Alert: Unrecognized Name Error Post-Java 1.7.0 Upgrade

With the upgrade to Java 1.7.0, users have encountered an "Unrecognized Name" error during SSL handshakes. This error stems from Java 7's default enablement of Server Name Indication (SNI) support.

However, certain misconfigured servers respond to this feature with the aforementioned error, leading to Java's handling of it becoming an impediment.

Workaround Solutions:

1. Disable SNI Extension:

To bypass this issue temporarily, execute your application with the following command:

java -Djsse.enableSNIExtension=false yourClass

Alternatively, set the property within the Java code before any SSL operations:

System.setProperty("jsse.enableSNIExtension", "false");

Note that this method disables SNI functionality globally.

2. Hybrid Approach (Enabling SNI While Handling Misconfigurations):

To utilize SNI while accommodating misconfigured servers, implement the following steps:

1. Create an SSLSocket with the intended hostname (sslsock).
2. Execute sslsock.startHandshake(). If the connection encounters the "Unrecognized Name" error, proceed to step 3.
3. Retry opening a new SSLSocket without a hostname, effectively disabling SNI.

Webscarab Proxy Implementation:

This approach has been implemented in the Webscarab SSL proxy to handle the issue effectively.

The above is the detailed content of Why Am I Getting an 'Unrecognized Name' SSL Handshake Error After Upgrading to Java 1.7.0?. For more information, please follow other related articles on the PHP Chinese website!