扩展server_name (SNI扩展)未随JAVA 8一起发送

Question

当我在java 8中使用以下代码时，有人知道为什么我没有服务器扩展名吗？

try {
            URL url = new URL(urlString);
            URLConnection conn = url.openConnection();
            conn.setDoOutput(true);

            OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
            wr.write(requestString);
            wr.flush();
            // Get the response
            BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
            String line;
            String response = "";
            while ((line = rd.readLine()) != null) {
                response += line;
            }
            wr.close();
            rd.close();

            return response;
        } catch (IOException ex) {
            System.err.println(ex); return ex.toString();
        }

使用JAVA 7，所有的功能都很好。但JAVA 8就不行了。

当我激活ssl调试时，我注意到SNI不是在握手中发送的：

*** ClientHello, TLSv1 
2017-02-20 19:28:18,002 INFO   [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] RandomCookie:  GMT: 1470841681 bytes = { 25, 147, 132, 94, 6, 112, 89, 50, 116, 255, 80, 95, 125, 122, 43, 167, 180, 116, 63, 225, 37, 223, 247, 196, 90, 33, 242, 8 } 
2017-02-20 19:28:18,003 INFO   [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] Session ID:  {} 
2017-02-20 19:28:18,003 INFO   [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] 
2017-02-20 19:28:18,004 INFO   [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] Compression Methods:  { 0 } 
2017-02-20 19:28:18,005 INFO   [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} 
2017-02-20 19:28:18,005 INFO   [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] Extension ec_point_formats, formats: [uncompressed] 
2017-02-20 19:28:18,008 INFO   [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] *** 
2017-02-20 19:28:18,009 INFO   [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] default task-11, WRITE: TLSv1 Handshake, length = 137 
2017-02-20 19:28:18,027 INFO   [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] default task-11, handling exception: java.net.SocketException: Connection reset 
2017-02-20 19:28:18,027 INFO   [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] default task-11, SEND TLSv1.2 ALERT:  fatal, description = unexpected_message 
2017-02-20 19:28:18,028 INFO   [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] default task-11, WRITE: TLSv1.2 Alert, length = 2 
2017-02-20 19:28:18,030 INFO   [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] default task-11, Exception sending alert: java.net.SocketException: Broken pipe 
2017-02-20 19:28:18,031 INFO   [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] default task-11, called closeSocket() 
2017-02-20 19:28:18,032 INFO   [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] default task-11, called close() 
2017-02-20 19:28:18,033 INFO   [org.jboss.stdio.AbstractLoggingWriter:write:71(default task-11)] default task-11, called closeInternal(true)

注意，我不使用setHostnameVerifier(..)，我使用的是通配符10。

Answer 1

看看Java 8中的安全增强，它表示：

在JDK 7中，SunJSSE默认为客户端应用程序启用了SNI扩展。JDK 8支持服务器应用程序的SNI扩展。

文档将显示您的代码必须进行一些更改才能立即启用它--有关代码示例，请参见the SNIExtension。