On 8/10/23 14:03, Petar Tahchiev wrote:
> Hi Jochen,
> I don't have 2 different SSL certificates.
> I have no idea what SNI is but that seems to be the only difference in the
> log from curl and httpclient5.

https://en.wikipedia.org/wiki/Server_Name_Indication

Basically it's a feature of TLS that allows a client to send a hint to a server so it can decide which certificate to send. With HTTPS, the SNI value is typically the same as the Host header value that is later sent over the encrypted channel. With httpclient implementations, the SNI value is usually extracted from the URL that has been requested. So a request for "https://www.example.com/some/path" would set the SNI and Host header to www.example.com.

This issue seems to be a case where the SNI value is missing, or maybe sent or interpreted as the literal string "null".

It seems odd that SNI could affect a server that doesn't have more than one certificate. Unless the server is deciding to not proceed with the connection at all because it doesn't have a certificate that matches the missing or incorrect SNI value.

I have seen that things can often get fuzzy with Java software and TLS, because Sun wrote their own implementation of TLS for Java, and it sometimes does not behave exactly the same as other implementations. I'm not trying to say that their implementation is wrong, but it does behave differently than another implementation like openssl.

I hope you can get the info you need to work around the difficulty.

Thanks,
Shawn
