ok2c commented on code in PR #490: URL: https://github.com/apache/httpcomponents-client/pull/490#discussion_r1343119220
########## httpclient5/src/main/java/org/apache/hc/client5/http/ssl/TrustAllStrategy.java: ########## @@ -34,9 +34,15 @@ import org.apache.hc.core5.ssl.TrustStrategy; /** - * A trust strategy that accepts all certificates as trusted. Verification of - * all other certificates is done by the trust manager configured in the SSL - * context. + * A trust strategy that accepts all certificates as trusted. + * + * <h2>Security Warning</h2> + * This trust strategy effectivels disables most security features of SSL / TLS, Review Comment: @Marcono1234 I would prefer "disables trust verification" but I can live with "disables some security features". -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For additional commands, e-mail: dev-h...@hc.apache.org
