Idea ID 2746969
I found an issue with the flex REST-API connector.
It is unable to handle SNI correctly i.e.
when you connecto to a server which servers more then one https URL, the connector does not follow the "SNI" (https://en.wikipedia.org/wiki/Server_Name_Indication) correctly and gets the "server default certificate" instead of the cerificate it should get.
the server presents for whatever reason, the certificate for icecreamforfree.com if you just call the IP/hostname - and thats what the smartconnector is doing.
if the SC would "handle the TLS connection" correctly, the server would present the lifeistoshort.com certificate.
you can test this via asd
1) openssl s_client -showcerts -connect lifeistoshort.com:443
2) openssl s_client -showcerts -connect lifeistoshort.com:443 -servername lifeistoshort.com
in case 1 you get the icecreamforfree.com certificate and in
case 2 you get the right lifeistoshort.com certificate.
doing some research i found a hint for the solution, unsure if the code is already in place and it is an other issue however thi site https://bugs.openjdk.java.net/browse/JDK-8173168 says you should ude SSLParameters.setServerNames() to solve the issue.
I also file a SR for this: SD02590356
which has some more details, like pcaps etc.
looking forward for the FR to get implemented
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.