[guardian-dev] SNI with NetCipher's HttpsURLConnection

Hans-Christoph Steiner hans at guardianproject.info
Wed Feb 24 15:12:38 EST 2016


When using NetCipher 1.2's getHttpURLConnection() method to get a nicely
configured TLS connection, it fails on sites that use SNI HTTPS aliases:

https://gitlab.com/fdroid/fdroidclient/issues/431#note_3914913

I'm a bit at a loss as to why this would happen, since NetCipher only
changes the algorithms and TLS protocol versions, and uses
sslcontext.init(null, null, null) to get the defaults there.

https://github.com/guardianproject/NetCipher/blob/1.2/libnetcipher/src/info/guardianproject/netcipher/NetCipher.java#L252
https://github.com/guardianproject/NetCipher/blob/1.2/libnetcipher/src/info/guardianproject/netcipher/client/TlsOnlySocketFactory.java#L126

Anyone have any pointers?  NetCipher should really fully support SNI.

.hc

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556


More information about the guardian-dev mailing list