javax.net.ssl.SSLHandshakeException: Received fatal alert: unrecognized_name

Document created by yvonne_f159640 on Apr 5, 2018
Version 1Show Document
  • View in full screen mode

Issue

Using HTTP Client Connector, the server the customer connecting to has recently changed its configuration to "strict SNI",  and then all processes in Boomi were failing when trying to connect. The error received from the connector is 

javax.net.ssl.SSLHandshakeException: Received fatal alert: unrecognized_name

 

[Cause]

The server the customer connecting to has recently changed its configuration to "strict SNI."

 

Solution

 

The issue is due to the load balancer requires SNI (Server Name Indication) support from any HTTP clients connecting to it, but the HTTP client that Boomi is using doesn't support SNI. The Server Name Indication (SNI) property would be enabled by default in a local Atom but is disabled in the Atom Cloud and Test Atom Cloud as it might have a negative impact on other customers using the Clouds. 

 

If the customer is using a local atom, add the below setting to the atom.vmoptions file. 

==== 
-Djsse.enableSNIExtension=false 
=== 

The SNI, (Server Name Indication) extension is a feature that extends the SSL/TLS protocols to indicate what server name the client is attempting to connect to during handshaking. Oracle providers will set the hostname in the SNI extension by default, but third-party providers may not support the default server name indication. In this case, set this property to false to disable the SNI extension will help. 

 

If the customer is using Boomi cloud and not willing to switch to local atom, another "workaround" would be to setup up a new load-balancer specifically for Boomi that does not enforce SNI. 

Attachments

    Outcomes