ok2c commented on PR #647: URL: https://github.com/apache/httpcomponents-client/pull/647#issuecomment-2958825146
> @ok2c I'm not familiar with `HostnameVerificationPolicy`. It looks like it is used to enable the built-in verifier (via `SSLParameters`), as well as to choose the default `HostnameVerifier` instance during building/construction. What are the behavioral differences between `CLIENT` and `BUILTIN`? Are there interactions here with other features, like Conscrypt?

@rschmitt Precisely. The `CLIENT` mode implies the check gets performed by the client (our own hostname verification code) after the TLS handshake completion. The `BUILTIN` mode implies the check gets performed by the Security Provider as a part of the TLS handshake (which makes more sense). `BOTH` means both checks get performed.

Using `BUILTIN` by default would enable us to start getting out of the whole hostname verification business. At some point we may even deprecate our own code. And there will be no PSL loaded by default.

`HostnameVerificationPolicy` is generic and is not specific to any Security Providers.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at: us...@infra.apache.org