Why Do I Get an 'Unrecognized_Name' SSL Handshake Alert After Upgrading to Java 1.7?

SSL Handshake Alert: "Unrecognized_Name" Error After Upgrading to Java 1.7.0

With the upgrade to Java 1.7, users have encountered an "unrecognized_name" error when establishing HTTPS connections. This issue stems from the introduction of Server Name Indication (SNI) support in Java 7, enabled by default.

Cause

Certain misconfigured servers issue an "Unrecognized Name" warning during the SSL handshake. Unfortunately, Java is one of the few clients that fail to ignore this warning.

Workaround

To address this issue, users can disable SNI support using:

java -Djsse.enableSNIExtension=false yourClass

Alternatively, they can set the property in their Java code:

System.setProperty("jsse.enableSNIExtension", "false");

Note: This property must be set before performing any SSL actions, as changing it afterward will have no effect on SNI status.

Hybrid Solution for SNI Preservation

If disabling SNI altogether is unfeasible, consider the following hybrid approach:

1. Create an SSLSocket with the desired hostname and attempt the handshake.
2. If an "unrecognized_name" exception is encountered, retry without specifying a hostname to disable SNI.
3. This approach allows for SNI usage with fallback for misconfigured servers.

The above is the detailed content of Why Do I Get an 'Unrecognized_Name' SSL Handshake Alert After Upgrading to Java 1.7?. For more information, please follow other related articles on the PHP Chinese website!