Hi, On Fri, Sep 26, 2014 at 8:03 PM, Sean Mullan <sean.mul...@oracle.com> wrote: > On 09/17/2014 01:18 PM, Simone Bordet wrote: >> >> For the server to differentiate between those 2 connections he would >> need the SNI information, which I don't think it's currently available >> in JDK 8, right ? > > > No. It is. We added support for SNI in JDK 8. See: > > http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#SNIExtension
I understand one cannot extract the string with the SNI name into the application, you can only match for certificates via SNIMatcher; and that is the reason for SSLExplorer - to extract the SNI names. Am I missing something ? For example, how can I negotiate h2 via ALPN only for certain domains ? List<String> allowedDomains = ... // provided by some server configuration SNIServerName sniName = ... // what here ? if (allowedDomains.contains(sniName)) doALPN(); Thanks ! -- Simone Bordet http://bordet.blogspot.com --- Finally, no matter how good the architecture and design are, to deliver bug-free software with optimal performance and reliability, the implementation technique must be flawless. Victoria Livschitz