Home >Java >javaTutorial >Why Am I Getting an 'SSLProtocolException: handshake alert: unrecognized_name' Error After Upgrading to Java 1.7?

Why Am I Getting an 'SSLProtocolException: handshake alert: unrecognized_name' Error After Upgrading to Java 1.7?

Barbara Streisand
Barbara StreisandOriginal
2024-12-04 07:01:151007browse

Why Am I Getting an

SSL Handshake Alert: Unrecognized_Name Error After Java 1.7 Upgrade

Issue Description:

After upgrading to Java 1.7, users may encounter an "SSLProtocolException: handshake alert: unrecognized_name" error when establishing SSL connections to webservers. This issue typically arises when attempting to access self-signed or misconfigured server certificates.

Cause:

Java 1.7 introduces support for Server Name Indication (SNI) by default. While most webservers effectively manage SNI, certain misconfigured servers may return an "Unrecognized Name" alert in the SSL handshake, which is ignored by most clients, except for Java.

Resolution:

To resolve this issue, you can employ one of the following workarounds:

Disable SNI via Command Line:

Run your application with the following command-line option:

java -Djsse.enableSNIExtension=false yourClass

This will globally disable SNI for the entire application.

Disable SNI in Java Code:

Alternatively, you can disable SNI programmatically by setting the "jsse.enableSNIExtension" property before any SSL actions:

System.setProperty("jsse.enableSNIExtension", "false");

Handling Unrecognized_Name Alerts:

If you wish to support misconfigured servers while still utilizing SNI:

  1. Create an SSLSocket with the desired host name.
  2. Attempt to initiate a handshake (sslsock.startHandshake()).
  3. If the unrecognized_name error occurs, disable SNI by creating a new SSLSocket without a host name.

Important Note:

Disabling SNI may compromise security best practices. If possible, configure your servers to support SNI correctly to avoid this issue.

The above is the detailed content of Why Am I Getting an 'SSLProtocolException: handshake alert: unrecognized_name' Error After Upgrading to Java 1.7?. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn