8341496: Improve JMX connections

Co-authored-by: Daniel Fuchs <dfuchs@openjdk.org>
Reviewed-by: skoivu, rhalade, coffeys, dfuchs, kevinw, jnimeh

src/java.rmi/share/classes/javax/rmi/ssl/SslRMIClientSocketFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,7 @@ import java.net.Socket;
 import java.rmi.server.RMIClientSocketFactory;
 import java.util.StringTokenizer;
 import javax.net.SocketFactory;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
 
@@ -119,6 +120,16 @@ public class SslRMIClientSocketFactory
         //
         final SSLSocket sslSocket = (SSLSocket)
             sslSocketFactory.createSocket(host, port);
+
+        if (Boolean.parseBoolean(
+                System.getProperty("jdk.rmi.ssl.client.enableEndpointIdentification", "true"))) {
+            SSLParameters params = sslSocket.getSSLParameters();
+            if (params == null) {
+                params = new SSLParameters();
+            }
+            params.setEndpointIdentificationAlgorithm("HTTPS");
+            sslSocket.setSSLParameters(params);
+        }
         // Set the SSLSocket Enabled Cipher Suites
         //
         final String enabledCipherSuites =

test/jdk/javax/management/security/SecurityTest.java

@@ -402,6 +402,8 @@ public class SecurityTest {
         opts.add(JDKToolFinder.getJDKTool("java"));
         opts.addAll(Arrays.asList(jdk.test.lib.Utils.getTestJavaOpts()));
 
+        opts.add("-Djdk.rmi.ssl.client.enableEndpointIdentification=false");
+
         // We need to forward some properties to the client side
         opts.add("-Dtest.src=" + System.getProperty("test.src"));
 

test/jdk/javax/rmi/ssl/SSLSocketParametersTest.java

@@ -137,6 +137,7 @@ public class SSLSocketParametersTest extends SSLContextTemplate {
     }
 
     public static void main(String[] args) throws Exception {
+        System.setProperty("jdk.rmi.ssl.client.enableEndpointIdentification", "false");
         SSLSocketParametersTest test = new SSLSocketParametersTest();
         test.runTest(Integer.parseInt(args[0]));
     }

test/jdk/sun/management/jmxremote/bootstrap/JMXInterfaceBindingTest.java

@@ -21,6 +21,29 @@
  * questions.
  */
 
+/*
+ * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
 import java.io.File;
 import java.io.PrintWriter;
 import java.net.InetAddress;
@@ -205,6 +228,7 @@ public class JMXInterfaceBindingTest {
             // This is needed for testing on loopback
             args.add("-Djava.rmi.server.hostname=" + address);
             if (useSSL) {
+                args.add("-Djdk.rmi.ssl.client.enableEndpointIdentification=false");
                 args.add("-Dcom.sun.management.jmxremote.registry.ssl=true");
                 args.add("-Djavax.net.ssl.keyStore=" + KEYSTORE_LOC);
                 args.add("-Djavax.net.ssl.trustStore=" + TRUSTSTORE_LOC);

test/jdk/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -169,6 +169,7 @@ public class RmiBootstrapTest extends RmiTestBase {
         final List<Path> credentialFiles = prepareTestFiles(args[0]);
 
         Security.setProperty("jdk.tls.disabledAlgorithms", "");
+        System.setProperty("jdk.rmi.ssl.client.enableEndpointIdentification", "false");
 
         try {
             MAX_GET_FREE_PORT_TRIES = Integer.parseInt(System.getProperty("test.getfreeport.max.tries", "10"));

test/jdk/sun/management/jmxremote/bootstrap/RmiRegistrySslTest.java

@@ -179,6 +179,7 @@ public class RmiRegistrySslTest {
             initTestEnvironment();
 
             List<String> command = new ArrayList<>();
+            command.add("-Djdk.rmi.ssl.client.enableEndpointIdentification=false");
             command.add("-Dtest.src=" + TEST_SRC);
             command.add("-Dtest.rmi.port=" + port);
             command.addAll(Arrays.asList(args));