We use ServiceNow to communicate with PushBullet via REST API. Recently we started getting the following error
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
And a 500 HTTP error.
After much research it appears SNI has been added as part of an SSL certificate upgrade https://en.wikipedia.org/wiki/Server_Name_Indication
ServiceNow state they do not support SNI in any version.
The tests that you see are from SoapUI and Postman.
The way we test for this is by using the following command:
openssl s_client -connect api.pushbullet.com:443
(this fails)
Adding the -servername parameter is used to pick the correct domain from the certificate that now contains multiple domains:
openssl s_client -connect api.pushbullet.com:443 -servername api.pushbullet.com
CONNECTED(00000003)
depth=1 /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G2
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/CN=*.pushbullet.com
i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G2
1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G2
i:/C=US/O=GeoTrust Inc./OU=(c) 2008 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGbDCCBVSgAwIBAgIQTyKV1VxdJTcntEU7ErB0mjANBgkqhkiG9w0BAQsFADBH
<snip>
Is there any way of now accessing PushBullet APIs without SNI?
Gavin.
SNI support has been added as of the Jakarta release:
https://docs.servicenow.com/bundle/jakarta-servicenow-platform/page/integrate/outbound-web-services/concept/outbound-sni-support.html
By default, SNI support is disabled in Jakarta. If it has been enabled on your ServiceNow instance, you would have the glide.outbound.tls_sni.enabled property set to true. Change it to false and your API calls should stop using SNI.