[Cyberduck-trac] [Cyberduck] #9257: FTPES (FTP-SSL) SNI support

Cyberduck trac at cyberduck.io
Thu Jul 30 23:40:00 UTC 2020

#9257: FTPES (FTP-SSL) SNI support
 Reporter:  andreas7           |         Owner:  jmalek
     Type:  enhancement        |        Status:  assigned
 Priority:  normal             |     Milestone:
Component:  ftp-tls            |       Version:  7.4.1
 Severity:  normal             |    Resolution:
 Keywords:  SNI FTPES FTP-SSL  |  Architecture:  Intel
 Platform:  macOS 10.13        |

Comment (by rlaager):

 Right, that code looks to be passing the IP address from
 _socket_.getInetAddress().getHostAddress() as the host, so the SNI won't
 be sent. If you pass the client-configured hostname, SNI should hopefully
 just work.

 This looks to be the bug where SNI was added to OpenJDK:

 It references an Hg changeset with a broken URL, but using the hash, I
 found this (so the path just changed a little):

 The actual SNI is sent here:

 It doesn't send the SNI if the "hostname" is an IP address. (That is
 correct behavior, of course. The SNI has to be a hostname, not an IP.)

 I don't know how the JDK has been restructured recently, so I'm not sure
 where the current code is, but I assume it is substantially the same.

Ticket URL: <https://trac.cyberduck.io/ticket/9257#comment:5>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list