Skip to content

docs: recommend secure httpClient TLS settings; announce v5.0 default change#433

Open
cportele wants to merge 1 commit into
masterfrom
doc-5.0
Open

docs: recommend secure httpClient TLS settings; announce v5.0 default change#433
cportele wants to merge 1 commit into
masterfrom
doc-5.0

Conversation

@cportele

Copy link
Copy Markdown
Contributor

The httpClient TLS defaults (verifyHostname: false, trustSelfSignedCertificates: true) do not verify the remote certificate hostname and accept self-signed certificates, which is insecure for connections to external services with valid certificates. Document the two settings on the HTTP Client configuration page, recommend enabling strict validation (verifyHostname: true, trustSelfSignedCertificates: false), and announce that these secure values will become the defaults in v5.0.

Documentation only; no behavior change.

…ult change

The httpClient TLS defaults (verifyHostname: false, trustSelfSignedCertificates:
true) do not verify the remote certificate hostname and accept self-signed
certificates, which is insecure for connections to external services with valid
certificates. Document the two settings on the HTTP Client configuration page,
recommend enabling strict validation (verifyHostname: true,
trustSelfSignedCertificates: false), and announce that these secure values will
become the defaults in v5.0.

Documentation only; no behavior change.
@cportele cportele requested a review from azahnen as a code owner July 13, 2026 11:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant