You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Oliver Lietz (Jira)" <ji...@apache.org> on 2021/12/03 14:58:00 UTC

[jira] [Resolved] (SLING-10965) Support server identity check

     [ https://issues.apache.org/jira/browse/SLING-10965?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oliver Lietz resolved SLING-10965.
----------------------------------
    Resolution: Done

> Support server identity check
> -----------------------------
>
>                 Key: SLING-10965
>                 URL: https://issues.apache.org/jira/browse/SLING-10965
>             Project: Sling
>          Issue Type: New Feature
>          Components: Commons
>            Reporter: Oliver Lietz
>            Assignee: Oliver Lietz
>            Priority: Critical
>             Fix For: Commons Messaging Mail 2.0.0
>
>
> ??Server Identity Check RFC 2595 specifies addition checks that must be performed on the server's certificate to ensure that the server you connected to is the server you intended to connect to. This reduces the risk of "man in the middle" attacks. For compatibility with earlier releases of Jakarta Mail, these additional checks are disabled by default. We strongly recommend that you enable these checks when using SSL. To enable these checks, set the "mail.<protocol>.ssl.checkserveridentity" property to "true".??
> [https://eclipse-ee4j.github.io/mail/docs/SSLNOTES.txt]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)