Thanks Chris. Yes, I misspelled it, I said I'm not a developer. LOL I'm just trying to figure out WHY that setting would blow up a spring coded outbound connection like that.
Thanks, Dream * Excel * Explore * Inspire Jon McAlexander Senior Infrastructure Engineer Asst. Vice President He/His Middleware Product Engineering Enterprise CIO | EAS | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale, IA 50322 MAC: F4469-010 Tel 515-988-2508 | Cell 515-988-2508 jonmcalexan...@wellsfargo.com This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. > -----Original Message----- > From: Christopher Schultz <ch...@christopherschultz.net> > Sent: Friday, May 26, 2023 11:17 AM > To: users@tomcat.apache.org > Subject: Re: OT: java.net.socket exception > > Mark, Jon, > > On 5/26/23 04:39, Mark Thomas wrote: > > On 25/05/2023 20:46, jonmcalexan...@wellsfargo.com.INVALID wrote: > >> So, to start I'm not a developer. With that said, have a development > >> team that is getting the exception below in their Tomcat 9.0.74 > >> implementation using Java 11 (also with Java 8). After much > >> troubleshooting with their configuration, it turned out to be this in > >> the JAVA_OPTIONS: > >> > >> -Djsse.enableSNIExtention=false > >> > >> Once I removed that, the exception and 500 error went away and things > >> work properly. > >> > >> Is there an issue using this Java Option? > > > > The exception is happening on an outgoing connection so this isn't > > really a Tomcat issue. > > > > Some quick research indicated that this setting can be used as a > > work-around for JSSE throwning an exception for some TLS warnings. > > > > Disabling SNI seems like a bad idea to me. I'd expect most sites to be > > using it. > > +1 > > BTW you misspelled the system property above, Jon. It's > jsse.enableSNIExtension (t -> s). > > > If removing the option fixes the issues then I'd go with removing the > > option. > > > > Finally, I'd try tracking down why the option was added in the first > > place and see if that reasoning still applies. > > +1 > > These days, SNI is basically /the/ way to identify the target hostname to a > server. All modern software should support it and do it properly. > > -chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org
