TLS hostname verifier: reverse resolves peer addresses?

Bernd Eckenfels ecki at
Wed Jul 15 00:48:06 UTC 2015

Am Mon, 3 Nov 2014 00:15:28 +0100
schrieb Bernd Eckenfels <ecki at>:

> JSSE...  I noticed, that
> the Java 8 hostname verifier (algorithm https configured) will reverse
> resolve hostnames and use them.

Is this JDK-8067695 (not public) and fixed in 8u51?

Does this have an CVE entry in the 8u51 CPU list, I cannot find one (but
then again the descriptions aren't very verbose anyway)

In case you are curious, according to the release notes, it can be
controled with jdk.tls.trustNameService.


More information about the security-dev mailing list