You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Oliver Lietz (Jira)" <ji...@apache.org> on 2021/12/03 14:53:00 UTC
[jira] [Created] (SLING-10965) Support server identity check
Oliver Lietz created SLING-10965:
------------------------------------
Summary: Support server identity check
Key: SLING-10965
URL: https://issues.apache.org/jira/browse/SLING-10965
Project: Sling
Issue Type: New Feature
Components: Commons
Reporter: Oliver Lietz
Assignee: Oliver Lietz
Fix For: Commons Messaging Mail 2.0.0
??Server Identity Check RFC 2595 specifies addition checks that must be performed on the server's certificate to ensure that the server you connected to is the server you intended to connect to. This reduces the risk of "man in the middle" attacks. For compatibility with earlier releases of Jakarta Mail, these additional checks are disabled by default. We strongly recommend that you enable these checks when using SSL. To enable these checks, set the "mail.<protocol>.ssl.checkserveridentity" property to "true".??
[https://eclipse-ee4j.github.io/mail/docs/SSLNOTES.txt]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)