[Cyberduck-trac] [Cyberduck] #9257: FTPES (FTP-SSL) SNI support
Cyberduck
trac at cyberduck.io
Thu Jul 30 23:40:00 UTC 2020
#9257: FTPES (FTP-SSL) SNI support
-------------------------------+-------------------------
Reporter: andreas7 | Owner: jmalek
Type: enhancement | Status: assigned
Priority: normal | Milestone:
Component: ftp-tls | Version: 7.4.1
Severity: normal | Resolution:
Keywords: SNI FTPES FTP-SSL | Architecture: Intel
Platform: macOS 10.13 |
-------------------------------+-------------------------
Comment (by rlaager):
Right, that code looks to be passing the IP address from
_socket_.getInetAddress().getHostAddress() as the host, so the SNI won't
be sent. If you pass the client-configured hostname, SNI should hopefully
just work.
This looks to be the bug where SNI was added to OpenJDK:
https://bugs.java.com/bugdatabase/view_bug.do?bug_id=6985179
It references an Hg changeset with a broken URL, but using the hash, I
found this (so the path just changed a little):
http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/9d6a9f65d2bf
The actual SNI is sent here:
http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/9d6a9f65d2bf#l32.349
It doesn't send the SNI if the "hostname" is an IP address. (That is
correct behavior, of course. The SNI has to be a hostname, not an IP.)
I don't know how the JDK has been restructured recently, so I'm not sure
where the current code is, but I assume it is substantially the same.
--
Ticket URL: <https://trac.cyberduck.io/ticket/9257#comment:5>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list