Idea ID: 2746969

smartconnectors: Suport TLS SNI correctly

Status : Declined
over 1 year ago


I found an issue with the flex REST-API connector.

It is unable to handle SNI correctly i.e.

when you connecto to a server which servers more then one https URL, the connector does not follow the "SNI"  ( correctly and gets the "server default certificate" instead of the cerificate it should get.


- imagine there wold be a rest api running on URL
- the server is also serving different URLs like

the server presents for whatever reason, the certificate for if you just call the IP/hostname - and thats what the smartconnector is doing.

if the SC would  "handle the TLS connection" correctly, the server would present the certificate.


you can test this via asd

1) openssl s_client -showcerts -connect
2) openssl s_client -showcerts -connect -servername

in case 1 you get the certificate and in
case 2 you get the right certificate.


doing some research i found a hint for the solution, unsure if the code is already in place and it is an other issue however thi site says you should ude SSLParameters.setServerNames() to solve the issue.

I also file a SR for this: SD02590356

which has some more details, like pcaps etc.

looking forward for the FR to get implemented





  • I've declined this request not because it is not valid, but because it is a bug in the software and it should be reported through the Support organization to be addressed in the current code base.

    Please open a support ticket for this behavior.