Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/grahamedgecombe/netty-sni-example

An example of how to use server-side SNI in Netty with Java 8.
https://github.com/grahamedgecombe/netty-sni-example

java netty ssl

Last synced: 5 days ago
JSON representation

An example of how to use server-side SNI in Netty with Java 8.

Awesome Lists containing this project

README 

        
This is a quick example demonstrating how to use Java 8's server-side SNI

support in Netty.



`SniKeyManager` is a key manager which wraps around the default key manager. It

forwards most methods to the default key manager. However, it implements its

own logic for the `chooseEngineServerAlias()` method - using SNI to pick which

certificate to use.



I've included an example key store with two self-signed certificates for

`test1.example.com` and `test2.example.com`.



You can use `openssl s_client` to check it works:



    $ openssl s_client -connect localhost:8443 -servername test1.example.com 2>&1 | grep "subject="

    subject=/C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=test1.example.com



    $ openssl s_client -connect localhost:8443 -servername test2.example.com 2>&1 | grep "subject="

    subject=/C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=test2.example.com



If an unknown hostname is given, it falls back to `test1.example.com`:



    $ openssl s_client -connect localhost:8443 -servername unknown.example.com 2>&1 | grep "subject="

    subject=/C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=test1.example.com



If the client does not support SNI, it also falls back to `test1.example.com`:



    $ openssl s_client -connect localhost:8443 2>&1 | grep "subject="

    subject=/C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=test1.example.com