Document SNI workaround for Java-based clients
diff --git a/src/site/faq.mkd b/src/site/faq.mkd
index cdf3d59..fb1b599 100644
--- a/src/site/faq.mkd
+++ b/src/site/faq.mkd
@@ -3,18 +3,19 @@
### Eclipse/Egit/JGit complains that it "can't open upload pack"?
There are a few ways this can occur:
-1. You are using https with a self-signed certificate and you **did not** configure *http.sslVerify=false*
+1. Are you running Java 7?<br />Java 7 introduced SNI support for SSL connections and it is enabled by default.<br />[Java 7 Security Enhancements](http://docs.oracle.com/javase/7/docs/technotes/guides/security/enhancements-7.html)<br />To disable SNI alerts, add this line to your eclipse.ini file and restart Eclipse.<br /><pre>-Djsse.enableSNIExtension=false</pre>
+2. You are using https with a self-signed certificate and you **did not** configure *http.sslVerify=false*
1. Window->Preferences->Team->Git->Configuration
2. Click the *New Entry* button
3. <pre>Key = <em>http.sslVerify</em>
Value = <em>false</em></pre>
-2. Gitblit GO's default self-signed certificate is bound to *localhost* and you are trying to clone/push between machines.
+3. Gitblit GO's default self-signed certificate is bound to *localhost* and you are trying to clone/push between machines.
1. Review the contents of `makekeystore.cmd`
2. Set *your hostname* in the *HOSTNAME* variable.
3. Execute the script.<br/>This will generate a new certificate and keystore for *your hostname* protected by *server.storePassword*.
-3. The repository is clone-restricted and you don't have access.
-4. The repository is clone-restricted and your password changed.
-5. A regression in Gitblit. :(
+4. The repository is clone-restricted and you don't have access.
+5. The repository is clone-restricted and your password changed.
+6. A regression in Gitblit. :(
### Why can't I access Gitblit GO from another machine?
1. Please check *server.httpBindInterface* and *server.httpsBindInterface* in `gitblit.properties`, you may be only be serving on *localhost*.
diff --git a/src/site/setup.mkd b/src/site/setup.mkd
index 8a3d99a..525be85 100644
--- a/src/site/setup.mkd
+++ b/src/site/setup.mkd
@@ -741,7 +741,7 @@
**NOTE:**
The default self-signed certificate generated by Gitlbit GO is bound to *localhost*.
If you are using Eclipse/EGit/JGit clients, you will have to generate your own certificate that specifies the exact hostname used in your clone/push url.
-You must do this because Eclipse/EGit/JGit (<= 2.1.0) always verifies certificate hostnames, regardless of the *http.sslVerify=false* client-side setting.
+You must do this because Eclipse/EGit/JGit (<= 2.3.1) always verifies certificate hostnames, regardless of the *http.sslVerify=false* client-side setting.
- **Eclipse/EGit/JGit**
1. Window->Preferences->Team->Git->Configuration
@@ -757,6 +757,25 @@
This can be adjusted on your client by changing the default post buffer size:
<pre>git config --global http.postBuffer 524288000</pre>
+### Disabling SNI
+
+You may run into SNI alerts (Server Name Indication). These will manifest as failures to clone or push to your Gitblit instance.
+
+#### Java-based Clients
+
+When using Java 7-based clients, SNI is enabled by default. You can disable SNI by specifying the JVM system parameter `-Djsse.enableSNIExtension=false` when your Java-based client launches.
+
+For Eclipse, you can append `-Djsse.enableSNIExtension=false` to your *eclipse.ini* file.
+
+#### Native Clients
+
+Native clients may display an error when attempting to clone or push that looks like this:
+---FIXED---
+C:\projects\git\gitblit>git push rhcloud master
+error: error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112) while accessing https://demo-gitblit.rhcloud.com/git/gitblit.git/info/refs?service=git-receive-pack
+fatal: HTTP request failed
+---FIXED---
+
### Cloning an Access Restricted Repository
- **Eclipse/EGit/JGit**
Nothing special to configure, EGit figures out everything.
