search

Home >Java >javaTutorial >Why Does Java 1.7.0 Produce an 'unrecognized_name' SSL Handshake Alert, and How Can It Be Resolved?

Why Does Java 1.7.0 Produce an 'unrecognized_name' SSL Handshake Alert, and How Can It Be Resolved?

Linda Hamilton
Linda HamiltonOriginal
2024-12-11 17:00:19403browse

Why Does Java 1.7.0 Produce an

SSL Handshake Alert: Unrecognized_Name Error Resurfacing with Java 1.7.0 Upgrade

Following the upgrade from Java 1.6 to 1.7, users may encounter an SSL handshake alert characterized by the error message "unrecognized_name." This issue arises specifically when establishing SSL connections to a webserver.

The error stems from the introduction of SNI (Server Name Indication) support in Java 7, which is enabled by default. Certain misconfigured servers respond with an "Unrecognized Name" warning during the handshake, which is ignored by most clients but not Java.

Workaround Options:

Oracle engineers have declined to address this issue. However, two main workarounds are available:

Disable SNI:

  • Run the application with the command: java -Djsse.enableSNIExtension=false yourClass
  • Set the property programmatically: System.setProperty("jsse.enableSNIExtension", "false");

Note that disabling SNI affects the entire application.

Handle Misconfigured Servers:

For a more targeted approach, employ the following steps:

  1. Create an SSLSocket with the host name.
  2. Attempt to start the handshake.
  3. Check for an "unrecognized_name" error.
  4. If an error occurs, retry opening an SSLSocket without a host name (effectively disabling SNI).

Code Example:

SSLSocketFactory factory = (SSLSocketFactory) SSLContext.getDefault().getSocketFactory();
SSLSocket sslsock = (SSLSocket) factory.createSocket(host, 443);
try {
  sslsock.startHandshake();
} catch (SSLException e) {
  if (e.getMessage().equals("handshake alert:  unrecognized_name")) {
    sslsock = (SSLSocket) factory.createSocket(host, 443);
    sslsock.startHandshake();
  } else {
    // Handle other errors
  }
}

Conclusion:

By implementing the described workarounds, users can mitigate the "unrecognized_name" error when using Java 1.7.0 and interacting with misconfigured servers while maintaining SNI capabilities for other connections.

The above is the detailed content of Why Does Java 1.7.0 Produce an 'unrecognized_name' SSL Handshake Alert, and How Can It Be Resolved?. For more information, please follow other related articles on the PHP Chinese website!

Java if for while Error using Property default this alert oracle ssl issue Other
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:How to Efficiently Convert an ArrayList of Integers to a Primitive int Array in Java?Next article:How to Efficiently Convert an ArrayList of Integers to a Primitive int Array in Java?

Related articles

See more