Reputation: 11
Apache HTTP Client SSL via custom servername SNI
I have a Apache Async Http client which I use to connect to IP addresses (instead of domain name). I want to find a way to provide the SNI information, something like this so that the SSL handshake can happen with the correct certificate.
I have tried to build something with PoolingNHttpClientConnectionManager and SSLIOSessionStrategy etc, but I don't see any option to provide the servername to the http client and make a CloseableHttpAsyncClient object. Any help will be appreciated!
An example would be to connect to an endpoint with something like openssl s_client -connect 1.2.3.4:443 -servername ab.cd.com. If I don't use the raw IP address to connect (instead use the full domain name), the SNI handling works fine with the client but I am not able to use IP address and custom servername information together using the Apache HTTP Async client (4.1.3 is the version I was trying).
I have tried to go through the Apache HTTP Client code and find a class which I can override or optionally provide the servername field. I see that it is probably required while creating the SSLSocket or SSLEngine and could be provided as part of SSLContext, but I am not finding a way to add servername via some override.
Upvotes: 1
Views: 258
Answers (0)
Related Questions
- HTTP Client SSL Connection setEnabledCipherSuites
- Problems connecting via HTTPS/SSL through own Java client
- How to make a request with HttpComponents (Java apache lib) changing Server Name Indication in TLS Handshake
- Apache Mina TLS client - Camel
- SSL handshake with SNI extension enabled - certificate selection on server
- Android HTTPS SNI support using SSLCertificateSocketFactory
- Apache CXF client error in testing server which needs Server Name Indication (SNI)