-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Peter,
On 11/13/14 3:40 PM, Peter Robbins wrote: > Chris, > > With SSLv3 enabled it succeeds. That makes sense since SNI is only > TLS. > > > I don't have a stack trace, since the exception is handled and > handshake aborted, but here's the debug output: > http://pastebin.com/ShqZQVC7. > > Digging a little more into this I think this might be a Java issue. > From what I can tell Tomcat is just calling getSession() on the > SSLEngine that jsse sends back to it and Java is the one that's not > honoring the jsse.enableSNIextension flag. Changing to a Java 7 > runtime fixes the issue (since jsse doesn't have server-side SNI > support in JRE7), so that being the differentiator, I'll try my > luck filing a bug with Oracle. >_< > > I might play around and see if an APR setup demonstrates the same > behavior. I would guess that APR would be okay, since httpd can handle the training dot (but the client will still complain that the certificate was issued for "host" and not "host."). - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUZWA9AAoJEBzwKT+lPKRYW2wQAKs19n0KUNHjgnYgYDTsZTid kSDDf4RxYmKCeoCHmm0Q9n6tzgQUERgt83QL8Mc5a9nN5YSyIEfLPmTLubCmARfk iapOdlSWc6PK0Fx39W+D1vzn4N/HrEOCVGY1oG9+WcrfC2+csgyaWeMmU8Vobe+6 NC3N3xgho1omvyCKWY+CqOgvN+BU6TKz6/sr6WZhI/NNunqZUsIx50OWo8tVmnpg bpkZpPge5ABPfZBAcUxfT+7OXRXKMXjBcyZ16WWPD/yl68o/91s49qHLaVxhqJbs ZHb/46jsdvQo7XzbgVtiC+jAq7xSdlEurVC9JmYf92sLl8QrguVYeYeNregz89qC DYvLcva/V6W4KOgxFEp+4isSrCLKYO/ud7yoREt7M80X020JZTv9Z4OiLWJ3MwC9 TVhHHa2sbctrxnO4486RdihOdhi13A3kQCEgaba/5H7uacF+p61lDtQHvgwsZZwa z/BmCowiFcSFr6c1EEQsG9J7DRtVqHVaJxjdrJaE+4pSQeiB1yVUW7AzBJWLFWxQ wF+LFl4dhBQ0kAFprJ3EGWQjjAgJYxtAzhX8APKQVcJw51CijHtQp4E8gP7dITAZ OZbXcWLloXbaUIj/wVDDsZApyqx4R1Qfhw0PGlB54TamF0zwXzASHUnhCm0hU0Fd Nvch354M15l86g1RdEbs =ReS2 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
