SNI required for HTTP clients working with JFrog Cloud

Saleh Samara
2020-03-27 23:49

For enhanced security and compliance, the new JFrog platform release introduces the removal of support for non-SNI clients on JFrog Cloud.

What is Server Name Indication (SNI)?

SNI is an extension to the TLS protocol which allows a client to indicate which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) web services to be served by the same IP address without requiring all those sites to use the same certificate. (References: The HTTPS-Only Standard and Wikipedia )

Implementing the new security standard with the JFrog Platform

When using HTTP clients that do not support SNI with the new JFrog Cloud platform version, requests for download/upload will fail. To avoid failures, customers should upgrade their clients to an officially supported client version. The most commonly used client version not supporting SNI is Python 2, with SNI added from version 2.7.9 (Dec 2014) onward. It is recommended to keep all tools, clients and services on recent versions, to avoid security flaws and weaknesses, as well as to benefit from new capabilities.