On 11/06/18 11:47, Weiner Harald wrote:
<snip/>
> What are your thoughts?
I'm leaning towards adding:
SSLParameters sslParams = new SSLParameters();
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
sslSocket.setSSLParameters(sslParams);
unconditionally to WsWebSocketContainer.createSSLEngine()
I've been trying to think of a use case where you'd want to use TLS
without wanting to verify the host name and I can't think of one.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
