On Mon, 3 Nov 2014 00:15:28 +0100, Bernd Eckenfels <e...@zusammenkunft.net> wrote:
> JSSE... I noticed, that
> the Java 8 hostname verifier (algorithm https configured) will reverse
> resolve hostnames and use them.

Is this JDK-8067695 (not public) and fixed in 8u51? Does this have a CVE entry in the 8u51 CPU list? I cannot find one (but then again the descriptions aren't very verbose anyway).

http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html#JAVA

In case you are curious, according to the release notes, it can be controlled with jdk.tls.trustNameService.

Regards,
Bernd