Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Are Subject Alternative Names compulsory for SSL in Jetty 9.4.18?


On Sun, Sep 15, 2019 at 1:23 PM Sonali Dasgupta
<sonalidasgupta95.2011@xxxxxxxxx> wrote:
> Hi Joakim,
> Thank you so much for the code example. I am using embedded jetty , and a generic SSL context. Shall make the change to Server SSL Context, and Client SSL Context for client.

Yes you should.

> Could you please confirm another small detail ? Is it needed to set the endpoint identification algorithm to null in the code ?

Setting the EndpointIdentificationAlgorithm to a non-null (or
non-empty) string is used to validate that the host name in a
certificate matches with the DNS host, to prevent MITM attacks.

Simone Bordet
Developer advice, training, services and support
from the Jetty & CometD experts.

Back to the top