[java.net.http.HttpClient] Active monitoring of resolved IP addresses
Daniel Fuchs
daniel.fuchs at oracle.com
Wed Jul 29 12:28:58 UTC 2020
Hi Nicolas,
On 29/07/2020 13:20, Nicolas Henneaux wrote:
> System.setProperty("jdk.internal.httpclient.disableHostnameVerification", Boolean.TRUE.toString());
> System.setProperty("jdk.httpclient.allowRestrictedHeaders", "host");
I don't believe it's a good idea to disable/customize
hostname verification. This property is merely intended for
test environments - where you might need to pretend that you're
talking to some other servers...
And it shouldn't be needed if the certificate presented by the
server contained the proper host names?
best regards,
-- daniel
More information about the net-dev
mailing list