transport-netty4 module set TLS SNI when server_name is provided

modules/transport-netty4/src/main/java/org/opensearch/transport/netty4/ssl/SecureNetty4Transport.java

@@ -50,13 +50,18 @@
 import org.opensearch.transport.netty4.Netty4Transport;
 import org.opensearch.transport.netty4.ssl.SecureConnectionTestUtil.SSLConnectionTestResult;
 
+import javax.net.ssl.SNIHostName;
+import javax.net.ssl.SNIServerName;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
 
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import java.util.ArrayList;
+import java.util.List;
 
 import io.netty.channel.Channel;
 import io.netty.channel.ChannelHandler;
@@ -181,6 +186,7 @@ protected static class ClientSSLHandler extends ChannelOutboundHandlerAdapter {
         private final SecureTransportSettingsProvider secureTransportSettingsProvider;
         private final boolean hostnameVerificationEnabled;
         private final boolean hostnameVerificationResovleHostName;
+        private final String serverName;
 
         private ClientSSLHandler(
             final Settings settings,
@@ -192,6 +198,21 @@ private ClientSSLHandler(
             this.secureTransportSettingsProvider = secureTransportSettingsProvider;
             this.hostnameVerificationEnabled = hostnameVerificationEnabled;
             this.hostnameVerificationResovleHostName = hostnameVerificationResovleHostName;
+            this.serverName = null;
+        }
+
+        private ClientSSLHandler(
+            final Settings settings,
+            final SecureTransportSettingsProvider secureTransportSettingsProvider,
+            final boolean hostnameVerificationEnabled,
+            final boolean hostnameVerificationResovleHostName,
+            final String serverName
+        ) {
+            this.settings = settings;
+            this.secureTransportSettingsProvider = secureTransportSettingsProvider;
+            this.hostnameVerificationEnabled = hostnameVerificationEnabled;
+            this.hostnameVerificationResovleHostName = hostnameVerificationResovleHostName;
+            this.serverName = serverName;
         }
 
         @Override
@@ -243,6 +264,13 @@ public void connect(ChannelHandlerContext ctx, SocketAddress remoteAddress, Sock
             } catch (final SSLException e) {
                 throw ExceptionsHelper.convertToOpenSearchException(e);
             }
+            if (serverName != null) {
+                SSLParameters params = sslEngine.getSSLParameters();
+                List<SNIServerName> serverNames = new ArrayList<>(1);
+                serverNames.add(new SNIHostName(serverName));
+                params.setServerNames(serverNames);
+                sslEngine.setSSLParameters(params);
+            }
 
             final SslHandler sslHandler = new SslHandler(sslEngine);
             ctx.pipeline().replace(this, "ssl_client", sslHandler);
@@ -299,7 +327,8 @@ protected void initChannel(Channel ch) throws Exception {
                             settings,
                             secureTransportSettingsProvider,
                             hostnameVerificationEnabled,
-                            hostnameVerificationResolveHostName
+                            hostnameVerificationResolveHostName,
+                            node.getAttributes().get("server_name")
                         )
                     );
             } else {