Author zyasoft
Recipients zyasoft
Date 2015-12-29.14:21:44
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
SNI (server name information) is an extension to SSL/TLS that allows the client to select a hostname and the server to pick the appropriate certificate matching that hostname. Although there is internal support in Java 7, it really requires Java 8 to use the public API. Since the ssl module is written in Python, it is easy to provide this support only on Java 8 or higher, by using standard ImportError handling semantics.

Server side. Python specifies a callback on the SSL context (, which corresponds roughly to the SniHandler class provided by Netty 4 ( By default, SniHandler will automatically switch the SSL context, but a subclass of SniHandler can override SniHandler.sslContext, which can in turn interrogate SniHandler.hostname() to provide set_servername_callback.

Client side. In wrapping a socket, client code can specify the desired server hostname. This hostname in turn can be set in the ssl module's SSLContext._createSSLEngine, which currenty sets some of the SSL parameters, via

There is some additional certificate functionality that is already implemented for SNI in Jython's ssl, namely match_hostname. But it looks like we need to complete SSLContext.check_hostname support.
Date User Action Args
2015-12-29 14:21:45zyasoftsetrecipients: + zyasoft
2015-12-29 14:21:45zyasoftsetmessageid: <>
2015-12-29 14:21:45zyasoftlinkissue2446 messages
2015-12-29 14:21:44zyasoftcreate