2

I need to connect to spring websocket server which supports SNI. I am using Spring WebSocket Client which by default does not sends SNI extension as jdk 1.8.0 does not send SNI extension by default.

Extended server_name (SNI Extension) not sent with jdk1.8.0 but send with jdk1.7.0

The official documentation of java suggests to add SNI Matcher with SSLParameters and set the SSLParameters to SSLSocket before making any HttpsUrlConnection with that SSLSocket.

https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#SNIExtension

Is there any way to set this property with Spring WebSocket Client ?

There are some ClientEndpointCongfig properties that can be set as per given link but I did not find any property which can be used to set SSLSocket or SSLSocketfactory with the Spring websocket client.

https://tomcat.apache.org/tomcat-8.5-doc/web-socket-howto.html

Here is a sample code for Spring websocket client:

List<Transport> transports = new ArrayList<>(1);
        StandardWebSocketClient standardWebSocketClient = new StandardWebSocketClient();
        transports.add(new WebSocketTransport( standardWebSocketClient) );
        WebSocketClient transport = new SockJsClient(transports);
        WebSocketStompClient stompClient = new WebSocketStompClient(transport);
        StompSessionHandler sessionHandler = new MyStompSessionHandler();
        stompClient.connect(URL, sessionHandler);
Abhishek kumar
  • 31
  • 3

1 Answers1

0

I landed up with this problem as well. In my case I was getting a wrong certificate from EKS cluster because I have multiple hostname configured for a single IP.

So I had to use this link as a reference to force SNI information with the request. However did not find a way to do this with spring standadrd wensocket client.

I have used this (link) websocket client to resolve this issue. Basically I had to provide socket factory wrapper from above link to the websocket client.

Something like : SSLSocketFactory factory = new SSLSocketFactoryWrapper(sslContext, sslParameters); webSocket.setSocketFactory(factory);

Rajib Deka
  • 551
  • 1
  • 7
  • 22
  • Can you explain further what you did? I have a `WebSocketStompClient` and no way of setting a socket factory? What WebSocket client do you use in Spring for this to work? Please share the detailed code if possible – xetra11 Jul 07 '22 at 08:59
  • I can't figure out what you defined as `sslContext` – xetra11 Jul 07 '22 at 09:14
  • 1
    I am not sure I can share the code (legal issue), however you may study this link - https://www.javacodegeeks.com/2019/08/web-socket-java-client-stomp-spring-server-side.html – Rajib Deka Jul 12 '22 at 05:31