5

Java 7 brings client support for SNI. Are there known open-source implementations of the SNI server role? Java provides "transparant support" TLS connections (including the handshake), but I need to decouple the handshake process so I can send a certificate back based on the SNI host_name extension.

After failing to find online documentation, I looked in the OpenJDK source code, but there does not seem to be a point where I can monitor the ClientHello message before Java sends the ServerHello message.

Lekensteyn
  • 64,486
  • 22
  • 159
  • 192

3 Answers3

4

I made a quick hack some time ago: https://bitbucket.org/zmarcos/sniserversocket

If you follow the instructions: https://bitbucket.org/zmarcos/sniserversocket/wiki/Home

It will work even on Java EE servers, like Glassfish.

Marcos Zolnowski
  • 2,751
  • 1
  • 24
  • 29
1

I don't know of a known open-source implementation for for Java 7, but server SNI support is coming in Java 8. If you back-port this to Java 7, I'd love to know.

user314104
  • 1,528
  • 14
  • 31
0

I came across the same problem myself and ended up writing an open source library: TLS Channel. The scope of the library is actually bigger: it is a complete abstraction for SSLEngine (which is seriously hard to use directly), exposing it as a ByteChannel.

Regarding SNI, the library does the parsing of the first bytes before creating the SSLEngine. The user can then supply a function to the server channel, to select SSLContexts depending on the received domain name.

Mariano Barrios
  • 461
  • 5
  • 10