On 11/06/18 11:47, Weiner Harald wrote: <snip/>
> What are your thoughts? I'm leaning towards adding: SSLParameters sslParams = new SSLParameters(); sslParams.setEndpointIdentificationAlgorithm("HTTPS"); sslSocket.setSSLParameters(sslParams); unconditionally to WsWebSocketContainer.createSSLEngine() I've been trying to think of a use case where you'd want to use TLS without wanting to verify the host name and I can't think of one. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org