Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-6838

HTTP client TLS SNI Server Name Indication support broken

    XMLWordPrintable

    Details

    • Sprint:
      Sprint 25

      Description

      Server Name Indication (in short SNI) [1] is new feature of TLS, allowing basically "virtual hosting" over same HTTPS endpoint.

      ASF HttpClient has SNI support since version 4.3.2, see [2].

      Still, as we use our own SSL SocketFactory, the SNI does not work. This blocks for example HTTPS access of NPM registry.npmjs.org that uses Fastly CDN, that relies on SNI.

      [1] http://en.wikipedia.org/wiki/Server_Name_Indication
      [2] https://issues.apache.org/jira/browse/HTTPCLIENT-1119

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              scarlucci Steve Carlucci
              Reporter:
              cstamas Tamás Cservenák
              Last Updated By:
              Peter Lynch Peter Lynch
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  tigCommentSecurity.panel-title