ok2c commented on code in PR #490: URL: https://github.com/apache/httpcomponents-client/pull/490#discussion_r1342539092
########## httpclient5/src/main/java/org/apache/hc/client5/http/ssl/TrustAllStrategy.java: ########## @@ -34,9 +34,15 @@ import org.apache.hc.core5.ssl.TrustStrategy; /** - * A trust strategy that accepts all certificates as trusted. Verification of - * all other certificates is done by the trust manager configured in the SSL - * context. + * A trust strategy that accepts all certificates as trusted. + * + * <h2>Security Warning</h2> + * This trust strategy effectivels disables most security features of SSL / TLS, Review Comment: @Marcono1234 Could you avoid using the term `most` in `effectively disables most security features of SSL / TLS` because it is absolutely arbitrary? The strategy effectively disables the trust verification but not any other features of TLS. Otherwise looks good to me. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For additional commands, e-mail: dev-h...@hc.apache.org
