I want to know:

• Is SNI enabled in apache/webui on OneFS 7.1.x ?
• Is there anything about SNI to configure in apache/webui to resolve the error I see below?

I have recently encountered an issue after I upgrade my Java version to version 7 on the Java client that sends RESTful requests to Isilon server using the RAN API.  The same piece of code has been working fine before upgrading the Java version. I notice SNI is enabled by default on Java 7 (Security Enhancements in Java SE 7).

HTTP Request: GET https://ip_address:8080/namespace/?versions

HTTP Response Code: 400

HTTP Response Body:

Bad Request

Your browser sent a request that this server could not understand.

Additionally, a 400 Bad Requesterror was encountered while trying to use an ErrorDocument to handle the request.

This is the entries I see from webui logs:

• webui_httpd_access:log: 2015-04-30T14:48:36-07:00 <19.6> isilon-1(id1) httpd: - - [30/Apr/2015:14:48:36 -0700] "GET /namespace/?versions HTTP/1.1" 400 - "-" "Java/1.7.0"
• webui_httpd_error.log: 2015-04-30T14:48:36-07:00 <18.3> isilon-1(id1) httpd[10409]: [error] Hostname provided via SNI and hostname provided via HTTP are different

I am not sure if the error in webui_httpd_error.log is the first scenario described in: NameBasedSSLVHostsWithSNI - Httpd Wiki

Here are few things I tried that worked as a workaround:

• Disable ssl validation.
• Change the GET request from using the IP Address to the full-qualified hostname (i.e. GET https://full_qualified_hostname:8080/namespace/?versions)
• Add this Java environment variable when launching the Java client: -Djsse.enableSNIExtension=false

Notes:

• SSL is enabled on the Isilon Server with a self-signed certificate installed. All possible hostnames (cluster and nodes) and IP Addresses are specified in SubjectAlternativeName.
• The SSL certificate has been imported to cacerts of the Java runtime.