Under special circumstances, you may experience issues when connecting to secured servers. The following examples show what may go wrong; if you encounter these errors, you will need to enable SNI (Server Name Indication).
Example A: WebData Connection Fails
When you try to make a webdata connection to an HTTPS endpoint, it responds with an error. If the same source has an HTTP endpoint, that connection works fine. However, using the HTTPS endpoint may result in the following connection error report:
endpoint 1 "Endpoint1": Failed to contact target host More Info endpoint 1 "Endpoint1" : javax.net.ssl.SSLException: Received fatal alert: handshake_failure Unable to contact target host (SSLException)
Example B: WebContent Feed Fails
When we try to access an edgeWeb HTTPS endpoint, the following exception is thrown:
HTTP/1.1; Caused by exception: javax.net.ssl.SSLException: Unrecognized record version TLS-0.0
SSO may also fail with otherwise unexplained errors when domains outside of the connection are used during SSO. In general, any log entry containing SSLException has a chance of being resolved by enabling the SNI setting.
Check whether SNI is Enabled
If you have encountered an HTTPS issue, verify whether SNI Options are enabled in the environment.sh /.bat file:
Check whether a Server Supports SNI
To check whether a server supports SNI, run the following command:
openssl s_client -servername www.servername.com -tlsextdebug -connect www.yourserver.com:443 | grep "server name"
In this case, www.servername.com is the SNI value you are testing, and www.yourserver.com is the domain name or IP address of the TLS-capable server you are testing.
The output will look like this:
TLS server extension "server name" (id=0), len=0
This means that the server acknowledged the SNI (server name) extension in its ServerHello response.
If, however, you do not get the above-mentioned output, then the server either does not support SNI or it has not been configured to return the SNI information for the name you provided.
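The check above can be scripted and extended with a second handshake that sends no SNI, which shows whether the server rejects clients that omit it. This is an added example, not part of the edgeCore documentation; the function names and verdict labels are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: interpret the s_client check with and without SNI.

# classify_handshake: read `openssl s_client -tlsextdebug` output on stdin
# and print a one-word result.
classify_handshake() {
    out=$(cat)
    case $out in
        *'TLS server extension "server name" (id=0)'*) echo sni-acknowledged ;;
        *'alert handshake failure'*)                   echo handshake-failure ;;
        *'CONNECTED('*)                                echo connected ;;
        *)                                             echo no-connection ;;
    esac
}

# sni_verdict WITH WITHOUT: combine the result of a handshake that sent SNI
# with the result of one that did not.
sni_verdict() {
    case "$1/$2" in
        sni-acknowledged/handshake-failure|connected/handshake-failure)
            echo sni-required ;;
        sni-acknowledged/*) echo sni-supported ;;
        connected/*)        echo sni-not-acknowledged ;;
        *)                  echo inconclusive ;;
    esac
}

# probe_sni SNI_NAME HOST:PORT: run both handshakes against a live server.
# </dev/null lets s_client exit after the handshake; 2>&1 keeps alert text,
# which openssl writes to stderr. -noservername needs OpenSSL 1.1.1 or newer.
probe_sni() {
    with=$(openssl s_client -servername "$1" -tlsextdebug -connect "$2" \
        </dev/null 2>&1 | classify_handshake)
    without=$(openssl s_client -noservername -tlsextdebug -connect "$2" \
        </dev/null 2>&1 | classify_handshake)
    echo "with SNI: $with; without SNI: $without; verdict: $(sni_verdict "$with" "$without")"
}

# Constructed sample output for trying the classifier offline.
SAMPLE_ACK='CONNECTED(00000003)
TLS server extension "server name" (id=0), len=0'
SAMPLE_FAIL='CONNECTED(00000003)
error:0A000410:SSL routines::sslv3 alert handshake failure'

# Contact a server only when called as: script SNI_NAME HOST:PORT
if [ "$#" -eq 2 ]; then probe_sni "$1" "$2"; fi
```

A verdict of sni-required means the server completes the handshake only when the client sends a server name, so the connecting client must have SNI enabled.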
edgeCore Version 4.3.11
By default, SNI is enabled when connecting to third-party HTTPS web data/web content sources.