Fixing javax.net.ssl.SSLProtocolException

by Tomining 2015. 12. 31.

While calling an https URL with URLConnection, the following error occurred.

javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name

Googling showed that it happens because SNI support is enabled by default in Java 1.7.

There are two ways to resolve it.

  1. Add the -Djsse.enableSNIExtension=false option
  2. System.setProperty("jsse.enableSNIExtension", "false");

Beyond this, googling also shows that it can be caused by the ServerAlias setting in the Apache configuration.

I had what I believe is the same issue. I found that I needed to adjust the Apache configuration to include a ServerName or ServerAlias for the host.

This code failed:

public class a {
   public static void main(String [] a) throws Exception {
      java.net.URLConnection c = new java.net.URL("https://mydomain.com/").openConnection();
      c.setDoOutput(true);
      c.getOutputStream();
   }
}

And this code worked:

public class a {
   public static void main(String [] a) throws Exception {
      java.net.URLConnection c = new java.net.URL("https://google.com/").openConnection();
      c.setDoOutput(true);
      c.getOutputStream();
   }
}

Wireshark revealed that during the TLS/SSL Hello the warning Alert (Level: Warning, Description: Unrecognized Name), Server Hello was being sent from the server to the client. It was only a warning, however, Java 7.1 then responded immediately back with a "Fatal, Description: Unexpected Message", which I assume means the Java SSL libraries don't like to see the warning of unrecognized name.

From the Wiki on Transport Layer Security (TLS):

112 | Unrecognized name | warning | TLS only; client's Server Name Indicator specified a hostname not supported by the server

This led me to look at my Apache config files and I found that if I added a ServerName or ServerAlias for the name sent from the client/java side, it worked correctly without any errors.

<VirtualHost mydomain.com:443>
   ServerName mydomain.com
   ServerAlias www.mydomain.com
</VirtualHost>

Some say this is a TLS implementation bug, but there are also people who resolved it this way.
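As an added example (not code from the original post or the quoted answer), the probe below runs the handshake twice against a server you operate, once with the SNI extension and once without it for that socket only, so the unrecognized_name alert and the effect of the jsse.enableSNIExtension=false workaround can be compared. It assumes Java 8 or later (SSLParameters.setServerNames), a DNS host name as the argument, and network access to the server; the class name SniProbe and its handshake helper are hypothetical.

```java
import java.util.Collections;
import java.util.List;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example, not from the original post. Requires Java 8+ for setServerNames().
public class SniProbe {

    // Runs one TLS handshake and reports the outcome as text.
    // An empty name list suppresses the server_name extension for this socket only,
    // unlike jsse.enableSNIExtension=false, which applies to the whole JVM.
    static String handshake(String host, int port, List<SNIServerName> names) {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            socket.setSoTimeout(10_000);
            SSLParameters params = socket.getSSLParameters();
            params.setServerNames(names);
            // Check the certificate against the host name, as HttpsURLConnection does.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake();
            return "OK, " + socket.getSession().getProtocol()
                    + ", peer=" + socket.getSession().getPeerPrincipal();
        } catch (Exception e) {
            // Includes SSLProtocolException ("handshake alert: unrecognized_name")
            // and certificate or host name validation failures.
            return "FAILED, " + e;
        }
    }

    public static void main(String[] args) {
        if (args.length < 1) {
            System.err.println("usage: java SniProbe <dns-host-name> [port]");
            return;
        }
        String host = args[0]; // must be a DNS name; SNIHostName rejects IP literals
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        List<SNIServerName> withSni =
                Collections.<SNIServerName>singletonList(new SNIHostName(host));
        List<SNIServerName> withoutSni = Collections.<SNIServerName>emptyList();
        System.out.println("with SNI   : " + handshake(host, port, withSni));
        System.out.println("without SNI: " + handshake(host, port, withoutSni));
    }
}
```

If only the run with SNI fails, the server has no ServerName or ServerAlias matching that name. If the run without SNI fails certificate validation, the server selects its certificate by SNI, and the JVM-wide jsse.enableSNIExtension=false setting would break that connection.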