Skip to content
This repository has been archived by the owner on Apr 1, 2024. It is now read-only.

PR-20268: [feat] Enable hostname verification by default #5831

Open
2 tasks done
streamnativebot opened this issue Jul 19, 2023 · 0 comments
Open
2 tasks done

PR-20268: [feat] Enable hostname verification by default #5831

streamnativebot opened this issue Jul 19, 2023 · 0 comments

Comments

@streamnativebot
Copy link

url: apache#20268

PIP: This will require a PIP. It is a draft for now while I get tests passing.

Motivation

It is recommended to use hostname verification in most use cases for TLS. In order to have more secure defaults, I propose that we enable TLS hostname verification by default.

This change will not affect any users that do not have TLS enabled. It will only be a breaking change for users that want to use TLS with hostname verification disabled.

Modifications

  • Update all clients to enable hostname verification by default.

Verifying this change

This is a trivial change from a configuration perspective. I expect many tests will fail though, so those will also verify the changes.

Does this pull request potentially affect one of the following parts:

  • The default values of configurations

Documentation

  • doc-required

Matching PR in forked repository

PR in forked repository: michaeljmarshall#44
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@streamnativebot