From 6714678e3de8c44c5c9dab8b144a028d2ef9abb0 Mon Sep 17 00:00:00 2001 From: Clemens Portele Date: Thu, 2 Jul 2026 14:30:42 +0200 Subject: [PATCH] docs: recommend secure httpClient TLS settings and announce v5.0 default change The httpClient TLS defaults (verifyHostname: false, trustSelfSignedCertificates: true) do not verify the remote certificate hostname and accept self-signed certificates, which is insecure for connections to external services with valid certificates. Document the two settings on the HTTP Client configuration page, recommend enabling strict validation (verifyHostname: true, trustSelfSignedCertificates: false), and announce that these secure values will become the defaults in v5.0. Documentation only; no behavior change. --- .../base/domain/HttpClientConfiguration.java | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/xtraplatform-base/src/main/java/de/ii/xtraplatform/base/domain/HttpClientConfiguration.java b/xtraplatform-base/src/main/java/de/ii/xtraplatform/base/domain/HttpClientConfiguration.java index 1fc259f7..5ffd7734 100644 --- a/xtraplatform-base/src/main/java/de/ii/xtraplatform/base/domain/HttpClientConfiguration.java +++ b/xtraplatform-base/src/main/java/de/ii/xtraplatform/base/domain/HttpClientConfiguration.java @@ -31,6 +31,24 @@ * - '*.example.org' * ``` * + *

## TLS + *

When the application connects to an external service over `https` (for example a WFS or + * tile backend), the following settings control how the certificate of the remote service is + * validated. The current defaults are `verifyHostname: false` and `trustSelfSignedCertificates: + * true`, i.e. the hostname of the certificate is not verified and self-signed certificates are + * accepted. For connections to services with valid certificates it is recommended to enable + * strict validation: + *

+ * ```yaml + * httpClient: + * tls: + * verifyHostname: true + * trustSelfSignedCertificates: false + * ``` + * + *

In v5.0 these secure values will become the defaults. Deployments that connect to services + * with self-signed or otherwise non-verifiable certificates will then have to set + * `verifyHostname: false` and `trustSelfSignedCertificates: true` explicitly. *

* @langDe # HTTP Client *

## HTTP Proxy @@ -53,6 +71,24 @@ * - '*.example.org' * ``` * + *

## TLS + *

Wenn die Applikation sich über `https` mit einem externen Dienst verbindet (zum Beispiel + * einem WFS- oder Tile-Backend), steuern die folgenden Einstellungen, wie das Zertifikat des + * entfernten Dienstes geprüft wird. Die aktuellen Standardwerte sind `verifyHostname: false` + * und `trustSelfSignedCertificates: true`, d.h. der Hostname des Zertifikats wird nicht geprüft + * und selbstsignierte Zertifikate werden akzeptiert. Für Verbindungen zu Diensten mit gültigen + * Zertifikaten wird empfohlen, die strikte Prüfung zu aktivieren: + *

+ * ```yaml + * httpClient: + * tls: + * verifyHostname: true + * trustSelfSignedCertificates: false + * ``` + * + *

In v5.0 werden diese sicheren Werte zu den Standardwerten. Deployments, die sich mit + * Diensten mit selbstsignierten oder anderweitig nicht verifizierbaren Zertifikaten verbinden, + * müssen dann `verifyHostname: false` und `trustSelfSignedCertificates: true` explizit setzen. *

*/ @DocFile(path = "application/20-configuration", name = "97-http-client.md")