I have some code that's been working for a long time that gets data from webapps over HTTP. It uses Apache HTTPClient (v. 4.5.2) and works great for sites with and without SSL.
Recently, I've tried to use it for another site that happens to use SNI. Everything works great on my Windows machine, but if I try to run it on an AWS EC2 Linux instance, I get a handshake failure (because of the SNI).
Here's what I'm running:
Windows Java
- java version "1.8.0_101"
- Java(TM) SE Runtime Environment (build 1.8.0_101-b13)
- Java HotSpot(TM) Client VM (build 25.101-b13, mixed mode, sharing)
AWS Linux Java
- openjdk version "1.8.0_91"
- OpenJDK Runtime Environment (build 1.8.0_91-b14)
- OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
I'm not sure which component is ultimately responsible for the failure (Java 8, the runtime environment, HTTPClient).
I have seen this (https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#SNIExtension), but I'm not sure how to adapt this for HTTPClient. And besides, if I had to make code changes, why would it work on Windows?
Anyone have any idea what I should do?
Edit: As suggested, I looked into the jsse.enableSNIExtension property. This seemed wrong because it looks like it's a way to turn SSL off which isn't what I want.
I tried it turned on/off on Windows, and things only worked with it on. On Linux, when it was turned on I continue to get a handshake failure.
Here's the output:
Windows - System.setProperty("jsse.enableSNIExtension", "false");
=================================================================
pool-1-thread-1, WRITE: TLSv1.2 Handshake, length = 189
pool-1-thread-1, READ: TLSv1.2 Alert, length = 2
pool-1-thread-1, RECV TLSv1.2 ALERT: fatal, internal_error
pool-1-thread-1, called closeSocket()
pool-1-thread-1, handling exception: javax.net.ssl.SSLException: Received fatal alert: internal_error
Windows - System.setProperty("jsse.enableSNIExtension", "true");
================================================================
pool-1-thread-1, WRITE: TLSv1.2 Handshake, length = 215
pool-1-thread-1, READ: TLSv1.2 Handshake, length = 93
*** ServerHello, TLSv1.2
Linux - System.setProperty("jsse.enableSNIExtension", "true");
==============================================================
pool-1-thread-1, WRITE: TLSv1.2 Handshake, length = 143
pool-1-thread-1, READ: TLSv1.2 Alert, length = 2
pool-1-thread-1, RECV TLSv1.2 ALERT: fatal, handshake_failure
pool-1-thread-1, called closeSocket()
pool-1-thread-1, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
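A way to see what each JVM actually offers in its ClientHello from inside HttpClient 4.5.x, added here as an example and not part of the original question: the factory below hooks HttpClient's `prepareSocket` callback, which runs after the layered `SSLSocket` has been created for the target host and before `startHandshake()`, and prints the SNI names, protocols, cipher suites (with the ECDHE count) and installed security providers so the Windows and Linux runs can be compared line by line. The URL is a placeholder; the class and its output format are assumptions, not HttpClient's own code.

```java
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;

import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import java.io.IOException;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.List;

/** Diagnostic HttpClient 4.5.x socket factory: reports what this JVM offers before the handshake. */
public class SniDiagSocketFactory extends SSLConnectionSocketFactory {

    public SniDiagSocketFactory() {
        super(SSLContexts.createSystemDefault(), getDefaultHostnameVerifier());
    }

    // HttpClient calls this after creating the SSLSocket with the target host name
    // (which is where JSSE picks up the SNI value) and before startHandshake().
    @Override
    protected void prepareSocket(SSLSocket socket) throws IOException {
        SSLParameters p = socket.getSSLParameters();
        List<SNIServerName> names = p.getServerNames();
        System.out.println("SNI names JSSE will send: " + names);
        System.out.println("Enabled protocols: " + Arrays.toString(socket.getEnabledProtocols()));
        String[] suites = socket.getEnabledCipherSuites();
        long ecdhe = Arrays.stream(suites).filter(s -> s.contains("_ECDHE_")).count();
        System.out.println("Enabled cipher suites: " + suites.length + " (" + ecdhe + " ECDHE)");
        // A missing EC provider on one platform shows up here as a shorter list
        System.out.println("Security providers: " + Arrays.toString(
                Arrays.stream(Security.getProviders()).map(Provider::getName).toArray()));
    }

    public static void main(String[] args) throws IOException {
        String url = args.length > 0 ? args[0] : "https://sni-host.example.invalid/"; // placeholder
        // Same handshake trace as in the question; must be set before any JSSE class loads
        System.setProperty("javax.net.debug", "ssl:handshake");
        try (CloseableHttpClient client = HttpClients.custom()
                .setSSLSocketFactory(new SniDiagSocketFactory()).build();
             CloseableHttpResponse resp = client.execute(new HttpGet(url))) {
            System.out.println(resp.getStatusLine());
        }
    }
}
```

Run it once on each machine with the same URL; differences in the SNI line, the ECDHE count or the provider list narrow the failure down to the JSSE configuration of that runtime rather than to HttpClient.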