On 9/27/2014 3:53 AM, Simone Bordet wrote:
> Hi,
>
> On Fri, Sep 26, 2014 at 8:03 PM, Sean Mullan <sean.mul...@oracle.com> wrote:
>> On 09/17/2014 01:18 PM, Simone Bordet wrote:
>>>
>>> For the server to differentiate between those 2 connections he would
>>> need the SNI information, which I don't think is currently available
>>> in JDK 8, right ?
>>
>>
>> No. It is. We added support for SNI in JDK 8. See:
>>
>> http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#SNIExtension
>
> I understand one cannot extract the string with the SNI name into the
> application, you can only match for certificates via SNIMatcher; and
> that is the reason for SSLExplorer - to extract the SNI names.
> Am I missing something ?
>
I used to think it is better to have SSLExplorer as a public utility but
not a part of JSSE, because the extract is not involved in TLS
transactions. Please let me know if the SSLExplorer cannot meet your
requirements.

Xuelei

> For example, how can I negotiate h2 via ALPN only for certain domains ?
>
> List<String> allowedDomains = ... // provided by some server configuration
> SNIServerName sniName = ... // what here ?
> if (allowedDomains.contains(sniName))
>     doALPN();
>
> Thanks !
>
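
An added example, not code from this thread, from JSSE or from SSLExplorer: a custom `SNIMatcher` subclass is handed the requested name in `matches()`, so it can record the name for the allow-list check in the question without parsing the ClientHello. `RecordingMatcher`, `mayOfferH2` and the domain names are hypothetical, and the ALPN step itself is left as the boolean decision.

```java
import javax.net.ssl.*;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class SniCapture {
    /** Hypothetical helper: records the host_name that JSSE passes to the matcher. */
    static final class RecordingMatcher extends SNIMatcher {
        private volatile String host;   // stays null when the client sent no SNI

        RecordingMatcher() { super(StandardConstants.SNI_HOST_NAME); }

        @Override
        public boolean matches(SNIServerName name) {
            // The name may arrive as an SNIHostName or as a generic SNIServerName.
            host = (name instanceof SNIHostName)
                    ? ((SNIHostName) name).getAsciiName()
                    : new String(name.getEncoded(), StandardCharsets.US_ASCII);
            return true;                // record only; returning false rejects the name
        }

        String host() { return host; }
    }

    /** Allow-list check from the question; host names compare case-insensitively. */
    static boolean mayOfferH2(List<String> allowedDomains, String sniHost) {
        return sniHost != null
                && allowedDomains.contains(sniHost.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) throws Exception {
        List<String> allowedDomains = Arrays.asList("h2.example.com"); // constructed

        // One matcher per connection, installed before the handshake starts.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false);
        RecordingMatcher matcher = new RecordingMatcher();
        SSLParameters params = engine.getSSLParameters();
        params.setSNIMatchers(Collections.<SNIMatcher>singletonList(matcher));
        engine.setSSLParameters(params);

        // Offline stand-in for the call JSSE makes while processing the ClientHello.
        matcher.matches(new SNIHostName("H2.Example.com"));
        System.out.println(matcher.host() + " -> "
                + mayOfferH2(allowedDomains, matcher.host()));
    }
}
```

A client that sends no server_name extension never triggers `matches()`, so `host()` stays null and the allow-list check fails closed.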